
feat: add OAuth credential type to add identity TUI wizard #464

Open
aidandaly24 wants to merge 7 commits into aws:feat/gateway-integration from aidandaly24:feat/add-identity-oauth

@aidandaly24 (Contributor) commented Feb 26, 2026

Description

Add OAuth credential support to the identity TUI wizard and integrate it into the gateway target flow for credential reuse. Also fixes several deploy UX bugs and terminology inconsistencies.

OAuth in identity wizard: Previously, the interactive wizard only supported API Key credentials. This adds OAuth as a selectable option, collecting: credential name, OIDC discovery URL (validated to end with /.well-known/openid-configuration), client ID (masked), client secret (masked), and scopes (optional).

Credential reuse in gateway target flow: When adding a gateway target with OAuth outbound auth, users can now reuse existing OAuth credentials from agentcore.json instead of creating one inline every time. If no OAuth credentials exist, the flow goes directly to creation. If they exist, the user picks an existing one or creates new — which delegates to the identity wizard screen (with the type step pre-selected to OAuth). This replaces ~150 lines of duplicated inline credential creation with a flow-level transition to the identity screen.

Deploy fixes:

  • Credential count display now shows unique providers instead of counting env vars (1 OAuth credential was showing as "2 identity providers")
  • Deploy step ordering fixed — identity setup steps now appear before Synthesize CloudFormation in the step indicator, matching actual execution order
  • "Check stack status" step now runs in the identity setup path (was previously skipped)

Other:

  • agentcore add identity no longer requires an agent to exist first — credentials are standalone resources
  • Renamed "MCP gateway" to "gateway" in all user-facing UI text

Related Issue

N/A — prerequisite for CUSTOM_JWT inbound auth (Task 17)

Documentation PR

N/A

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Other (please describe):

Testing

  • I ran npm run test:unit and npm run test:integ
  • I ran npm run typecheck
  • I ran npm run lint
  • If I modified src/assets/, I ran npm run test:update-snapshots and committed the updated snapshots

Checklist

  • I have read the CONTRIBUTING document
  • I have added any necessary tests that prove my fix is effective or my feature works
  • I have updated the documentation accordingly
  • I have added an appropriate example to the documentation to outline the feature, or no new docs are needed
  • My changes generate no new warnings
  • Any dependent changes have been merged and published

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@github-actions github-actions bot added the size/m PR size: M label Feb 26, 2026
@aidandaly24 aidandaly24 marked this pull request as draft February 26, 2026 22:09
@github-actions github-actions bot added size/l PR size: L and removed size/m PR size: M labels Feb 27, 2026
@github-actions github-actions bot added size/l PR size: L and removed size/l PR size: L labels Feb 27, 2026
@aidandaly24 aidandaly24 marked this pull request as ready for review February 27, 2026 15:21
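
The description says the OIDC discovery URL is validated to end with /.well-known/openid-configuration. The sketch below is an added example, not code from this PR, and it goes beyond that suffix check: it validates the parsed URL and compares the issuer in a fetched discovery document against the URL it came from. The function and type names and the sample hosts are hypothetical.

```typescript
// Added example (not code from the PR). All names here are hypothetical.
const DISCOVERY_SUFFIX = "/.well-known/openid-configuration";

interface DiscoveryCheck {
  ok: boolean;
  issuer?: string; // issuer implied by the URL, set when ok is true
  reason?: string; // why the input was rejected, set when ok is false
}

// Validate the parsed URL rather than the raw string, so that a suffix hidden
// in a query string or fragment does not satisfy the check.
function validateDiscoveryUrl(input: string): DiscoveryCheck {
  let url: URL;
  try {
    url = new URL(input.trim());
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "discovery URL must use https" };
  }
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "URL must not embed credentials" };
  }
  if (url.search !== "" || url.hash !== "") {
    return { ok: false, reason: "query string and fragment are not allowed" };
  }
  if (!url.pathname.endsWith(DISCOVERY_SUFFIX)) {
    return { ok: false, reason: "path must end with " + DISCOVERY_SUFFIX };
  }
  const issuerPath = url.pathname.slice(0, -DISCOVERY_SUFFIX.length);
  return { ok: true, issuer: url.origin + issuerPath };
}

// OIDC Discovery requires the "issuer" in the fetched document to match the
// URL prefix it was fetched from; one trailing "/" is tolerated here.
function issuerMatches(discoveryUrl: string, metadata: { issuer?: unknown }): boolean {
  const check = validateDiscoveryUrl(discoveryUrl);
  if (!check.ok || typeof metadata.issuer !== "string") return false;
  return metadata.issuer.replace(/\/$/, "") === check.issuer;
}
```

A plain string suffix check would accept both an http:// URL and one that carries the well-known path only in a query parameter; both are rejected here.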