View a markdown version of this page

MCPServerOAuth3LOConfig - AWS DevOps Agent
ContentsSee Also

MCPServerOAuth3LOConfig

OAuth 3-legged authorization configuration for MCP server.

Contents

authorizationUrl

OAuth authorization URL for 3LO authentication.

Type: String

Pattern: https://[a-zA-Z0-9.-]+(?::[0-9]+)?(?:/.*)?

Required: Yes

clientId

OAuth client ID for authenticating with the service.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: [a-zA-Z0-9._-]+

Required: Yes

exchangeUrl

OAuth token exchange URL.

Type: String

Pattern: https://[a-zA-Z0-9.-]+(?::[0-9]+)?(?:/.*)?

Required: Yes

returnToEndpoint

The endpoint to return to after OAuth flow completes (must be AWS console domain)

Type: String

Pattern: https://[a-zA-Z0-9.-]*\.(console\.(aws|aws-dev)|awsc-(integ|preprod)\.aws)\.amazon\.com(/.*)?

Required: Yes

clientName

User friendly OAuth client name specified by end user.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 100.

Pattern: [\p{L}\p{N}\p{Z}._-]+

Required: No

clientSecret

OAuth client secret for authenticating with the service. Required for confidential clients or when PKCE is not supported. Optional for public clients using PKCE.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Pattern: [\S]+

Required: No

exchangeParameters

OAuth token exchange parameters for authenticating with the service.

Type: String to string map

Required: No

scopes

OAuth scopes for 3LO authentication. The service will always request scope offline_access.

Type: Array of strings

Required: No

supportCodeChallenge

Whether the service supports PKCE (Proof Key for Code Exchange) for enhanced security during the OAuth flow.

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: