AWS adds OAuth support for MCP Server access
🔐 AWS Sign-In now supports OAuth for connecting agents to the AWS MCP Server, enabling browser-based and headless authentication that leverages existing IAM, IAM Identity Center, and federated sign-in methods. The update includes dynamic client registration, token introspection and revocation, new CloudTrail elements, global condition keys, and a headless OAuth API. Agents discover OAuth endpoints, register via DCR, and use authorization code or client credentials flows to obtain short-lived tokens. Administrators can govern OAuth access using standard IAM policies plus OAuth-specific condition keys and monitor activity via CloudTrail.
