@@ -1726,6 +1726,23 @@ logger = logging.getLogger(__name__)
17261726import httpx
17271727from mcp_proxy_for_aws.sigv4_helper import SigV4HTTPXAuth, create_aws_session
17281728{ {/if }}
1729+ { {#if (includes gatewayAuthTypes "CUSTOM_JWT ")}}
1730+ from bedrock_agentcore.identity import requires_access_token
1731+ { {/if }}
1732+
1733+ { {#each gatewayProviders }}
1734+ { {#if (eq authType "CUSTOM_JWT ")}}
1735+ @requires_access_token(
1736+ provider_name="{ {credentialProviderName }} ",
1737+ scopes=[{ {#if scopes }} "{ {scopes }} "{ {/if }} ],
1738+ auth_flow="M2M",
1739+ )
1740+ def _get_bearer_token_{ {snakeCase name }} (*, access_token: str):
1741+ """Obtain OAuth access token via AgentCore Identity for { {name }} ."""
1742+ return access_token
1743+
1744+ { {/if }}
1745+ { {/each }}
17291746
17301747def get_all_gateway_mcp_toolsets() -> list[MCPToolset]:
17311748 """Returns MCP Toolsets for all configured gateways."""
@@ -1740,6 +1757,10 @@ def get_all_gateway_mcp_toolsets() -> list[MCPToolset]:
17401757 url=url,
17411758 httpx_client_factory=lambda **kwargs: httpx.AsyncClient(auth=auth, **kwargs)
17421759 )))
1760+ { {else if (eq authType "CUSTOM_JWT ")}}
1761+ token = _get_bearer_token_{ {snakeCase name }} ()
1762+ headers = { " Authorization" : f " Bearer {token}" } if token else None
1763+ toolsets.append(MCPToolset(connection_params=StreamableHTTPConnectionParams(url=url, headers=headers)))
17431764 { {else }}
17441765 toolsets.append(MCPToolset(connection_params=StreamableHTTPConnectionParams(url=url)))
17451766 { {/if }}
@@ -2012,6 +2033,23 @@ logger = logging.getLogger(__name__)
20122033{ {#if (includes gatewayAuthTypes "AWS_IAM ")}}
20132034from mcp_proxy_for_aws.sigv4_helper import SigV4HTTPXAuth, create_aws_session
20142035{ {/if }}
2036+ { {#if (includes gatewayAuthTypes "CUSTOM_JWT ")}}
2037+ from bedrock_agentcore.identity import requires_access_token
2038+ { {/if }}
2039+
2040+ { {#each gatewayProviders }}
2041+ { {#if (eq authType "CUSTOM_JWT ")}}
2042+ @requires_access_token(
2043+ provider_name="{ {credentialProviderName }} ",
2044+ scopes=[{ {#if scopes }} "{ {scopes }} "{ {/if }} ],
2045+ auth_flow="M2M",
2046+ )
2047+ def _get_bearer_token_{ {snakeCase name }} (*, access_token: str):
2048+ """Obtain OAuth access token via AgentCore Identity for { {name }} ."""
2049+ return access_token
2050+
2051+ { {/if }}
2052+ { {/each }}
20152053
20162054def get_all_gateway_mcp_client() -> MultiServerMCPClient | None:
20172055 """Returns an MCP Client connected to all configured gateways."""
@@ -2023,6 +2061,10 @@ def get_all_gateway_mcp_client() -> MultiServerMCPClient | None:
20232061 session = create_aws_session()
20242062 auth = SigV4HTTPXAuth(session.get_credentials(), "bedrock-agentcore", session.region_name)
20252063 servers["{ {name }} "] = { " transport" : " streamable_http" , " url" : url , " auth" : auth }
2064+ { {else if (eq authType "CUSTOM_JWT ")}}
2065+ token = _get_bearer_token_{ {snakeCase name }} ()
2066+ headers = { " Authorization" : f " Bearer {token}" } if token else None
2067+ servers["{ {name }} "] = { " transport" : " streamable_http" , " url" : url , " headers" : headers }
20262068 { {else }}
20272069 servers["{ {name }} "] = { " transport" : " streamable_http" , " url" : url }
20282070 { {/if }}
@@ -2438,6 +2480,23 @@ logger = logging.getLogger(__name__)
24382480import httpx
24392481from mcp_proxy_for_aws.sigv4_helper import SigV4HTTPXAuth, create_aws_session
24402482{ {/if }}
2483+ { {#if (includes gatewayAuthTypes "CUSTOM_JWT ")}}
2484+ from bedrock_agentcore.identity import requires_access_token
2485+ { {/if }}
2486+
2487+ { {#each gatewayProviders }}
2488+ { {#if (eq authType "CUSTOM_JWT ")}}
2489+ @requires_access_token(
2490+ provider_name="{ {credentialProviderName }} ",
2491+ scopes=[{ {#if scopes }} "{ {scopes }} "{ {/if }} ],
2492+ auth_flow="M2M",
2493+ )
2494+ def _get_bearer_token_{ {snakeCase name }} (*, access_token: str):
2495+ """Obtain OAuth access token via AgentCore Identity for { {name }} ."""
2496+ return access_token
2497+
2498+ { {/if }}
2499+ { {/each }}
24412500
24422501def get_all_gateway_mcp_servers() -> list[MCPServerStreamableHttp]:
24432502 """Returns MCP servers for all configured gateways."""
@@ -2452,6 +2511,10 @@ def get_all_gateway_mcp_servers() -> list[MCPServerStreamableHttp]:
24522511 name="{ {name }} ",
24532512 params={ " url" : url , " httpx_client_factory" : lambda ** kwargs : httpx .AsyncClient (auth = auth , ** kwargs )}
24542513 ))
2514+ { {else if (eq authType "CUSTOM_JWT ")}}
2515+ token = _get_bearer_token_{ {snakeCase name }} ()
2516+ headers = { " Authorization" : f " Bearer {token}" } if token else { }
2517+ servers.append(MCPServerStreamableHttp(name="{ {name }} ", params={ " url" : url , " headers" : headers } ))
24552518 { {else }}
24562519 servers.append(MCPServerStreamableHttp(name="{ {name }} ", params={ " url" : url } ))
24572520 { {/if }}
@@ -2749,7 +2812,23 @@ logger = logging.getLogger(__name__)
27492812{ {#if (includes gatewayAuthTypes "AWS_IAM ")}}
27502813from mcp_proxy_for_aws.client import aws_iam_streamablehttp_client
27512814{ {/if }}
2815+ { {#if (includes gatewayAuthTypes "CUSTOM_JWT ")}}
2816+ from bedrock_agentcore.identity import requires_access_token
2817+ { {/if }}
2818+
2819+ { {#each gatewayProviders }}
2820+ { {#if (eq authType "CUSTOM_JWT ")}}
2821+ @requires_access_token(
2822+ provider_name="{ {credentialProviderName }} ",
2823+ scopes=[{ {#if scopes }} "{ {scopes }} "{ {/if }} ],
2824+ auth_flow="M2M",
2825+ )
2826+ def _get_bearer_token_{ {snakeCase name }} (*, access_token: str):
2827+ """Obtain OAuth access token via AgentCore Identity for { {name }} ."""
2828+ return access_token
27522829
2830+ { {/if }}
2831+ { {/each }}
27532832{ {#each gatewayProviders }}
27542833def get_{ {snakeCase name }} _mcp_client() -> MCPClient | None:
27552834 """Returns an MCP Client connected to the { {name }} gateway."""
@@ -2759,6 +2838,10 @@ def get_{{snakeCase name}}_mcp_client() -> MCPClient | None:
27592838 return None
27602839 { {#if (eq authType "AWS_IAM ")}}
27612840 return MCPClient(lambda: aws_iam_streamablehttp_client(url, aws_service="bedrock-agentcore", aws_region=os.environ.get("AWS_REGION", os.environ.get("AWS_DEFAULT_REGION"))))
2841+ { {else if (eq authType "CUSTOM_JWT ")}}
2842+ token = _get_bearer_token_{ {snakeCase name }} ()
2843+ headers = { " Authorization" : f " Bearer {token}" } if token else { }
2844+ return MCPClient(lambda: streamablehttp_client(url, headers=headers))
27622845 { {else }}
27632846 return MCPClient(lambda: streamablehttp_client(url))
27642847 { {/if }}
0 commit comments