Developer Tools

Amazon Bedrock AgentCore Gateway secures MCP clients with OAuth code flow

Kiro IDE agents now authenticate via your IdP before accessing tools

Deep Dive

Amazon announced a new production-ready setup for using AgentCore Gateway with OAuth authorization code flow to secure communications between AI coding assistants (like Kiro IDE) and enterprise MCP servers. The Gateway acts as an OAuth resource server: it intercepts unauthenticated requests and challenges them with a 401 response containing a WWW-Authenticate header. The MCP client then performs discovery via the Gateway's Protected Resource Metadata endpoint, redirects the user to their organization's IdP (Okta, Microsoft Entra ID, or Amazon Cognito) for authentication with PKCE, and obtains an identity token. Every subsequent request includes this token, which AgentCore validates before proxying to the MCP server.

The flow integrates standard OAuth 2.0 with the MCP specification's Protected Resource Metadata pattern, enabling seamless single sign-on for agentic coding tools. Key components include the IdP for user management, AgentCore Gateway for token validation and routing, and an optional MCP OAuth proxy to bridge standardization gaps. This setup ensures that only authorized users can invoke backend tools through their AI assistants, solving the authentication challenge that has hindered enterprise adoption of agentic workflows. The solution supports any OIDC-compliant identity provider and is designed for production environments.

Key Points
  • AgentCore Gateway acts as OAuth resource server, validating tokens from IdPs like Okta or Cognito
  • Uses PKCE challenge and authorization code flow to authenticate users via system browser
  • Supports MCP OAuth proxy for standardization between clients, IdPs, and MCP servers

Why It Matters

Enterprise teams can now securely integrate AI coding assistants with backend services using standard OAuth.