Open
@massi-ang
Description
Is your feature request related to a problem? Please describe.
In order to get an access_token from Auth0, you need to pass an additional audience parameter in the request.
Using boto3 directly this can be accomplished with:
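```python
import boto3
from bedrock_agentcore.runtime.context import BedrockAgentCoreContext

acr = boto3.client("bedrock-agentcore")  # AgentCore data-plane client

workload_access_token = BedrockAgentCoreContext.get_workload_access_token()
resp = acr.get_resource_oauth2_token(
    workloadIdentityToken=workload_access_token,
    resourceCredentialProviderName='resource-provider-oauth-gateway',
    scopes=[],
    customParameters={'audience': '<the_audience_of_the_API>'},
    oauth2Flow='M2M')
print(resp['accessToken'])  # the response field is camelCase
```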
The request_access_token decorator does not support passing that parameter and the request fails since the returned token is an opaque token and not a valid JWT.
```
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.ValidationException: An error occurred (ValidationException) when calling the GetResourceOauth2Token operation: Error parsing ClientCredentials response
```
Describe the solution you'd like
Add a customParameters parameter to the decorator
Describe alternatives you've considered
One can use the boto3 API directly, but this introduces friction to the developer experience.
Additional context
The new signature should be:
```python
from typing import Any, Callable, List, Literal, Optional

# TokenPoller is the type the SDK decorator already uses for token_poller.
def requires_access_token(
    *,
    provider_name: str,
    into: str = "access_token",
    scopes: List[str],
    on_auth_url: Optional[Callable[[str], Any]] = None,
    auth_flow: Literal["M2M", "USER_FEDERATION"],
    callback_url: Optional[str] = None,
    custom_parameters: Optional[dict] = None,  # proposed addition
    force_authentication: bool = False,
    token_poller: Optional[TokenPoller] = None,
) -> Callable:
    ...
```
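Until the decorator accepts custom parameters, the boto3 alternative described in this issue can be wrapped once. This is an added example, not part of the issue or the SDK: `with_audience_token` and `jwt_claims` are hypothetical names, `client` is assumed to be a boto3 `bedrock-agentcore` client, and `get_workload_token` a callable returning the workload access token. It fails closed if what comes back is not a JWT carrying the requested audience.

```python
import base64
import functools
import json


def jwt_claims(token):
    """Return the UNVERIFIED payload claims, or None if the token is not JWT-shaped."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque token
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def with_audience_token(client, get_workload_token, provider_name, audience,
                        scopes=(), into="access_token"):
    """Hypothetical stand-in for the requested decorator (M2M flow only)."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            resp = client.get_resource_oauth2_token(
                workloadIdentityToken=get_workload_token(),
                resourceCredentialProviderName=provider_name,
                scopes=list(scopes),
                customParameters={"audience": audience},
                oauth2Flow="M2M",
            )
            token = resp["accessToken"]
            # Sanity check only: the signature is not verified here, that is
            # the job of the API that receives the token.
            claims = jwt_claims(token)
            if claims is None:
                raise ValueError("provider returned an opaque token, not a JWT")
            aud = claims.get("aud")
            if audience not in (aud if isinstance(aud, list) else [aud]):
                raise ValueError("token audience does not match the requested API")
            kwargs[into] = token  # inject without logging the token
            return func(*args, **kwargs)
        return wrapper
    return decorator
```
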