Amazon Web Services has introduced a new way to manage connections between AI agents and MCP servers through its Bedrock AgentCore Gateway. The update allows organizations to integrate servers protected by OAuth 2.0 using the Authorization Code flow. This change addresses a long-standing limitation where MCP servers without direct API keys could not be securely accessed by AI agents.
The AgentCore Gateway now acts as a centralized proxy. Previously, AI agents required direct credentials to connect to MCP servers. With this update, servers can enforce OAuth-based authentication while still allowing agent interactions. The process involves configuring the gateway to handle token exchange and session management automatically.
AWS documentation outlines three main steps. First, register the MCP server as an OAuth client in the gateway. Second, set up the required scopes and redirect URIs. Third, configure the agent to use the gateway’s endpoint for all MCP server requests. This eliminates the need to hardcode credentials in agent configurations.
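The scopes and redirect URIs in these steps are the values an OAuth 2.0 Authorization Code client is checked against. As an added illustration, not taken from AWS documentation or the AgentCore API, this Python shows the generic checks the party performing the token exchange makes: registered scopes only, exact redirect URI match, and `state` plus PKCE (RFC 7636, not mentioned in the article) binding. All URLs, the client ID, scope names and function names are assumptions.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample registration; every value is a placeholder assumption.
REGISTRATION = {
    "client_id": "example-client-id",
    "authorize_url": "https://auth.example.com/oauth2/authorize",
    "redirect_uri": "https://gateway.example.com/oauth2/callback",
    "scopes": {"mcp.tools.read", "mcp.tools.invoke"},
}

def start_authorization(reg, requested_scopes):
    """Build the authorization URL; the returned session dict stays server-side."""
    extra = set(requested_scopes) - reg["scopes"]
    if extra:
        raise ValueError(f"scopes not registered: {sorted(extra)}")
    state = secrets.token_urlsafe(32)      # ties the callback to this session
    verifier = secrets.token_urlsafe(64)   # PKCE code_verifier, 86 characters
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode("ascii")).digest()).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code",
        "client_id": reg["client_id"],
        "redirect_uri": reg["redirect_uri"],
        "scope": " ".join(sorted(requested_scopes)),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{reg['authorize_url']}?{query}", {"state": state, "code_verifier": verifier}

def handle_callback(reg, session, callback_url):
    """Validate the redirect, then return the parameters for the code exchange."""
    parsed = urlparse(callback_url)
    base = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if base != reg["redirect_uri"]:        # exact match, never prefix or wildcard
        raise ValueError("redirect_uri mismatch")
    params = parse_qs(parsed.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch")
    if len(params.get("code", [])) != 1:
        raise ValueError("missing or duplicated code")
    return {"grant_type": "authorization_code", "code": params["code"][0],
            "redirect_uri": reg["redirect_uri"], "client_id": reg["client_id"],
            "code_verifier": session["code_verifier"]}
```

The dictionary returned by `handle_callback` is what would be posted to the authorization server's token endpoint; the resulting access and refresh tokens stay with the exchanging party and never reach the agent configuration.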
Security teams benefit from this change. OAuth 2.0 tokens can be rotated and revoked without affecting agent operations. The gateway handles token refresh internally, reducing maintenance overhead. Organizations using multi-factor authentication for MCP servers can now integrate them without modifying existing workflows.
The update is part of a broader push to standardize AI agent tool integrations. AWS has not announced a timeline for general availability but says documentation is available for early adopters.
Source: aws.amazon.com