Connecting MCP servers to Amazon Bedrock AgentCore Gateway using Authorization Code flow
Amazon's new feature lets AI agents securely access tools from GitHub, Salesforce, and Databricks without embedded credentials.
Amazon Web Services has announced a significant upgrade to its Amazon Bedrock AgentCore Gateway, introducing support for the OAuth 2.0 Authorization Code flow. This feature, powered by Amazon Bedrock AgentCore Identity, enables enterprise AI agents to securely authenticate and connect to third-party Model Context Protocol (MCP) servers that require user-delegated authorization, meaning the agent acts with the permissions of the specific user who consented rather than with a shared service credential. Previously, connecting agents to protected tools from vendors like GitHub, Salesforce, and Databricks required managing credentials individually for each server. The new centralized gateway acts as a single endpoint, consolidating authentication, observability, and policy enforcement to simplify scaling AI agent deployments across large organizations.
AWS provides two methods for administrators to configure these secure connections. The first method is an implicit sync during target creation: the admin completes the OAuth flow upfront, which lets the gateway discover and cache the MCP server's available tools. The second, recommended method lets admins provide the tool schema directly during configuration, which is beneficial for automation or when human intervention isn't possible. This centralization means developers and end-users (Gateway users) only need to point to one Gateway URL to access a full suite of tools, while the gateway itself handles the complex token lifecycle management (authorization, per-user token storage, and refresh), removing credentials from application code and streamlining secure access to production-grade AI tools. Because the gateway now holds delegated tokens for every user and every target, it becomes a high-value component whose own access controls and audit logging deserve the same scrutiny as the vendor credentials it replaces.
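To make the token-brokering role concrete, the following is an added illustration written for this article, not AWS code and not the AgentCore Gateway API: a minimal in-memory gateway that runs the Authorization Code flow (with PKCE and a state check) on a user's behalf, caches the resulting token per (user, target), refreshes it transparently before expiry, and never hands the token back to the agent. The `MockMcpServer`, the `Gateway` class, the target name `"github"` and the user `"alice"` are all constructed for the example.

```python
# Added illustration (not AWS code): a gateway that brokers user-delegated
# OAuth 2.0 Authorization Code tokens for an MCP-style tool server.
# MockMcpServer, Gateway, the "github" target and user "alice" are constructed.
import base64
import hashlib
import secrets
from dataclasses import dataclass


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge: base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


@dataclass
class Token:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute seconds, as reported by the injected clock


class NeedsAuthorization(Exception):
    """No token cached for (user, target): send the user through consent first."""


class MockMcpServer:
    """Constructed stand-in for a third-party MCP server plus its authorization
    server: authorize, token and refresh endpoints and one protected tool."""

    def __init__(self, now, ttl=3600):
        self.now, self.ttl = now, ttl
        self.codes = {}    # one-time authorization code -> (user, code_challenge)
        self.access = {}   # access token -> (user, expires_at)
        self.refresh = {}  # refresh token -> user

    def authorize(self, user, code_challenge):
        # The user consents in the browser; the server returns a one-time code.
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, code_challenge)
        return code

    def token(self, code, code_verifier):
        user, challenge = self.codes.pop(code, (None, None))  # code is single-use
        if user is None or pkce_challenge(code_verifier) != challenge:
            raise PermissionError("invalid code or PKCE verifier")
        return self._issue(user)

    def refresh_grant(self, refresh_token):
        user = self.refresh.pop(refresh_token, None)  # rotate on every refresh
        if user is None:
            raise PermissionError("invalid refresh token")
        return self._issue(user)

    def _issue(self, user):
        tok = Token(secrets.token_urlsafe(16), secrets.token_urlsafe(16),
                    self.now() + self.ttl)
        self.access[tok.access_token] = (user, tok.expires_at)
        self.refresh[tok.refresh_token] = user
        return tok

    def call_tool(self, access_token, tool, args):
        user, exp = self.access.get(access_token, (None, 0))
        if user is None or exp <= self.now():
            raise PermissionError("expired or unknown access token")
        return {"tool": tool, "as_user": user, "echo": args}


class Gateway:
    """Single endpoint the agent talks to. Tokens are cached per (user, target)
    and never returned to the agent; the gateway refreshes them itself."""

    def __init__(self, targets, now):
        self.targets, self.now = targets, now
        self.tokens = {}   # (user, target) -> Token
        self.pending = {}  # state -> (user, target, code_verifier)

    def start_authorization(self, user, target):
        verifier = secrets.token_urlsafe(32)
        state = secrets.token_urlsafe(16)
        self.pending[state] = (user, target, verifier)
        # The agent sends the user to the target's authorize URL with these values.
        return {"state": state, "code_challenge": pkce_challenge(verifier)}

    def finish_authorization(self, state, code):
        entry = self.pending.pop(state, None)
        if entry is None:
            raise PermissionError("unknown state: rejecting possible CSRF callback")
        user, target, verifier = entry
        self.tokens[(user, target)] = self.targets[target].token(code, verifier)

    def invoke(self, user, target, tool, args):
        tok = self.tokens.get((user, target))
        if tok is None:
            raise NeedsAuthorization(target)
        if tok.expires_at <= self.now() + 60:  # refresh shortly before expiry
            tok = self.targets[target].refresh_grant(tok.refresh_token)
            self.tokens[(user, target)] = tok
        return self.targets[target].call_tool(tok.access_token, tool, args)


def demo(clock):
    """End-to-end run with an injectable clock (a one-element list of seconds).
    Returns the two tool results; the second one forces a transparent refresh."""
    now = lambda: clock[0]
    server = MockMcpServer(now=now, ttl=3600)
    gw = Gateway({"github": server}, now=now)
    params = gw.start_authorization("alice", "github")
    code = server.authorize("alice", params["code_challenge"])  # browser consent
    gw.finish_authorization(params["state"], code)
    first = gw.invoke("alice", "github", "list_repos", {})
    clock[0] += 3600  # cached token is now at expiry; gateway refreshes it
    second = gw.invoke("alice", "github", "list_repos", {})
    return first, second
```

The agent only ever calls `Gateway.invoke` with a user identity, a target and a tool name; it never sees an access token, a refresh token or a client secret. The `state` check in `finish_authorization` is what stops an attacker from completing the flow with a code bound to their own account, and the refresh-token rotation in `refresh_grant` limits the damage if a stored refresh token leaks.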
- Adds OAuth 2.0 Authorization Code flow support via Bedrock AgentCore Identity for user-delegated auth.
- Provides two admin configuration methods: implicit sync for tool discovery or upfront schema provision for automation.
- Centralizes authentication and policy for MCP servers from AWS, GitHub, Salesforce, and Databricks into a single endpoint.
Why It Matters
This solves a major scaling pain point for enterprises deploying AI agents, enabling secure, manageable access to a growing ecosystem of third-party tools without credential sprawl.