Connecting MCP servers to Amazon Bedrock AgentCore Gateway using Authorization Code flow
Machine Learning Blog
This article explains how to connect OAuth-protected MCP servers to Amazon Bedrock AgentCore Gateway using the Authorization Code flow for secure agent access.
- AgentCore Gateway centralizes MCP server connections, authentication, and policy enforcement across organizations
- Two configuration methods: implicit sync during target creation or providing tool schemas upfront
- URL session binding validates that the same user who initiated OAuth authorization completed consent
- Admin users complete authorization during target creation; gateway users only authenticate when invoking specific tools
- Supports OAuth 2.0 Authorization Code flow through Amazon Bedrock AgentCore Identity
- Tool definitions are cached, allowing users to browse tools without authenticating to every MCP server
- Includes step-by-step setup with GitHub OAuth Apps and code examples in AWS repository
This solution enables secure, scalable access to OAuth-protected MCP servers while centralizing credential management and eliminating per-IDE configuration complexity.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Jun 1
2026
2026
Extending MCP support for Amazon Bedrock AgentCore Gateway
Apr 9
2026
2026
Introducing stateful MCP client capabilities on Amazon Bedrock AgentCore Runtime
May 21
2026
2026
Integrating AWS API MCP Server with Amazon Quick using Amazon Bedrock AgentCore Runtime
Mar 11
2026
2026
Amazon Bedrock AgentCore Runtime now supports stateful MCP server features
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.