Pushed Authorization Request (PAR) incompatibility blocks OAuth integration with non-PAR providers (Atlassian MCP)

[arslan-autoscout24]

Description

AWS Bedrock AgentCore always uses Pushed Authorization Request (PAR, RFC 9126) when performing OAuth 2.0 flows via get_resource_oauth2_token(). This creates an incompatibility with OAuth providers that don't support PAR, including:

• Atlassian MCP OAuth Server (https://mcp.atlassian.com)
• Potentially other OAuth 2.0 providers that predate or don't implement PAR

When attempting USER_FEDERATION flow with non-PAR providers, the authorization fails with a generic ValidationException: Invalid request error, with no indication that PAR is the root cause.

Technical Details

What is PAR?
Pushed Authorization Request (RFC 9126, published October 2021) is a security enhancement to OAuth 2.0 where:

1. Authorization parameters are first POSTed to a pushed_authorization_request_endpoint
2. The provider returns a request_uri (opaque reference)
3. The authorization URL includes request_uri instead of direct parameters

The Issue:

1. AgentCore always uses PAR for OAuth flows (backend implementation)
2. There's no way to disable PAR via SDK parameters
3. OAuth providers without PAR support reject the request_uri parameter
4. Error messages are generic and unhelpful (confirmed in GetResourceOauth2Token returns ValidationException: Error parsing ClientCredentials response #81 - AWS doesn't propagate OAuth provider errors)

Evidence:

• Authorization URL generated: Contains request_uri=urn:ietf:params:oauth:request_uri:... (PAR signature)
• MCP OAuth metadata: No pushed_authorization_request_endpoint in discovery document
• SDK API inspection: No PAR configuration options in IdentityClient.get_token() or requires_access_token decorator
• Issue Support for Auth0 credential provider when using the request_access_token decorator and for Identity.get_token #109: customParameters only adds params, cannot override core OAuth flow behavior.

To Reproduce

1. Set up a non-PAR OAuth provider (example: Atlassian MCP)

a) Discover OAuth metadata:

curl https://mcp.atlassian.com/.well-known/oauth-authorization-server | jq

Output shows:

{
  "issuer": "https://mcp.atlassian.com",
  "authorization_endpoint": "https://auth.atlassian.com/authorize",
  "token_endpoint": "https://mcp.atlassian.com/oauth/token",
  "registration_endpoint": "https://mcp.atlassian.com/oauth/register"
  // Note: No "pushed_authorization_request_endpoint"
}

b) Register OAuth client:

import requests

response = requests.post(
    "https://mcp.atlassian.com/oauth/register",
    json={
        "client_name": "AgentCore Test",
        "redirect_uris": ["https://bedrock-agentcore.us-west-2.amazonaws.com/callback"],
        "grant_types": ["authorization_code", "refresh_token"],
        "response_types": ["code"],
        "token_endpoint_auth_method": "client_secret_basic"
    }
)
client_data = response.json()

2. Create AgentCore OAuth Provider

from bedrock_agentcore.services.identity import IdentityClient

client = IdentityClient(region="us-west-2")

provider_response = client.create_oauth2_credential_provider({
    "name": "test-mcp-oauth",
    "clientId": client_data["client_id"],
    "clientSecret": client_data["client_secret"],
    "authorizationEndpoint": "https://auth.atlassian.com/authorize",
    "tokenEndpoint": "https://mcp.atlassian.com/oauth/token",
    "scopes": ["read:jira-work", "read:confluence-content"],
    "userClientCallbackUrl": "https://bedrock-agentcore.us-west-2.amazonaws.com/callback"
})

3. Attempt USER_FEDERATION flow

import asyncio
from bedrock_agentcore.identity.auth import requires_access_token

@requires_access_token(
    provider_name="test-mcp-oauth",
    scopes=["read:jira-work"],
    auth_flow="USER_FEDERATION",
    on_auth_url=lambda url: print(f"Auth URL: {url}")
)
async def test_mcp_auth(access_token=None):
    print(f"Got token: {access_token}")

# Get workload token first
workload_resp = client.get_workload_access_token(
    workload_name="your-workload",
    user_id="test-user"
)

# Try to get OAuth token
asyncio.run(test_mcp_auth())

4. Observe the failure

Authorization URL printed:

https://auth.atlassian.com/authorize?client_id=sPRYGHC1shLGrbQ0&request_uri=urn:ietf:params:oauth:request_uri:Atza|...
Key observation: URL contains request_uri parameter (PAR usage)

Error result:
ValidationException: Invalid request

What's really happening: MCP OAuth server rejects the request_uri parameter as unsupported, but AgentCore shows generic error (per #81: "We don't propagate errors from credential provider")

Impact
This limitation blocks integration with:

• Atlassian MCP OAuth Server
• Any OAuth 2.0 provider that doesn't implement PAR (RFC 9126)
• Legacy OAuth providers predating PAR (published Oct 2021)
• Custom OAuth implementations without PAR support

Many widely-used OAuth providers don't require PAR, as it's an optional security enhancement, not a core OAuth 2.0 requirement.

Suggested Solution:

Add PAR Disable Flag

# In IdentityClient.get_token()
async def get_token(
    self,
    *,
    provider_name: str,
    # ... existing params ...
    use_par: bool = True,  # NEW: Allow disabling PAR
) -> str:
    # Pass to backend

# In requires_access_token decorator
def requires_access_token(
    *,
    provider_name: str,
    # ... existing params ...
    use_par: bool = True,  # NEW
) -> Callable:

Related Issues:

• GetResourceOauth2Token returns ValidationException: Error parsing ClientCredentials response #81 - Generic OAuth errors without provider error propagation (explains why we see "Invalid request" instead of "request_uri not supported")
• Support for Auth0 credential provider when using the request_access_token decorator and for Identity.get_token #109 - customParameters support for Auth0 (proves customParameters can't override PAR, only add params)

Workaround
Currently no workaround exists for integrating with non-PAR OAuth providers via AgentCore's OAuth system. Options are limited to:

Using provider's API tokens directly (bypasses OAuth, but loses USER_FEDERATION benefits)
Implementing custom OAuth flow outside AgentCore (defeats purpose of integrated identity system)
Requesting OAuth provider add PAR support (not always feasible for third-party services)

Additional Context
Environment:

SDK Version: bedrock-agentcore-sdk-python (latest from GitHub)
Python Version: 3.12
Region: us-west-2
Documentation Checked:

• AgentCore API Reference
• OAuth 2.0 Integration Guide
• RFC 9126 (Pushed Authorization Request)
• Atlassian MCP OAuth Server metadata
• All open/closed GitHub issues (30 total reviewed)

This issue prevents legitimate OAuth 2.0 integrations from working with AgentCore. Adding PAR configurability would significantly expand the ecosystem of compatible OAuth providers while maintaining the enhanced security for providers that support PAR.

[SkyWalker-CMD]

Hello @arslan-autoscout24

Atlassian has a well-known OpenID configuration endpoint and an oauth authorization server endpoint (see below).

• Well-Known OpenID Configuration: https://auth.atlassian.com/.well-known/openid-configuration
• OAuth Authorization Server: https://mcp.atlassian.com/.well-known/oauth-authorization-server

Each configuration has it's own token endpoint and authorization endpoint which are different, and seem to be mixed and matched below (i.e. the authorizationEndpoint and tokenEndpoint belong to two different domains/configurations).

Additionally, the parameter name for the callbackUrl is not userClientCallbackUrl (see: https://github.com/aws/bedrock-agentcore-sdk-python/blob/main/src/bedrock_agentcore/identity/auth.py#L29 for exact parameter name).

provider_response = client.create_oauth2_credential_provider({
    "name": "test-mcp-oauth",
    "clientId": client_data["client_id"],
    "clientSecret": client_data["client_secret"],
    "authorizationEndpoint": "https://auth.atlassian.com/authorize",
    "tokenEndpoint": "https://mcp.atlassian.com/oauth/token",
    "scopes": ["read:jira-work", "read:confluence-content"],
    "userClientCallbackUrl": "https://bedrock-agentcore.us-west-2.amazonaws.com/callback"
})

@arslan-autoscout24: could you please try with the Atlassian provider https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_AtlassianOauth2ProviderConfigInput.html or use the same domain/configuration for both token and authorization endpoints?