Support passing workload identity name to `require_access_token`

[jariy17]

Problem

I'm trying to implement the 3-legged OAuth (3LO) flow using AWS Identity outside of the Runtime environment. The SDK currently defaults to local authentication settings and expects a ".agentcore.json" configuration file that isn't available in my setup.

When the configuration file is absent, the SDK attempts to create an Identity Workload as a fallback. However, the agent's execution role is denied access, causing the process to fail with messages like "save_turn() is deprecated..." and similar warnings.

Requested Solution

Enable passing a workload identity name directly to the @require_access_token decorator. The decorator should retrieve the workload access token automatically and proceed normally.

Current Alternatives Considered

• Manually placing the ".agentcore.json" file
• Explicitly setting the BedrockAgentCoreContext

Deployment Context

The agent runs on Amazon ECS infrastructure.