awslabs · HardikThakkar94 · Sep 4, 2025 · Sep 4, 2025 · Sep 4, 2025 · Sep 8, 2025
diff --git a/...entCore-identity/06-Outbound_Auth_Github/runtime_with_strands_and_egress_github_3lo.ipynb b/...entCore-identity/06-Outbound_Auth_Github/runtime_with_strands_and_egress_github_3lo.ipynb
@@ -164,7 +164,7 @@
    "source": [
     "print(\"Setting up Amazon Cognito user pool...\")\n",
     "cognito_config = setup_cognito_user_pool(\"Cognito_3LO_Github\")\n",
-    "print(\"Cognito setup completed ✓\")"
+    "print(\"Cognito setup completed \u2713\")"
    ]
   },
   {
@@ -192,7 +192,7 @@
     "   - Click **New OAuth App** (or **Register a new application** if you have not created one before).\n",
     "   - **Fill in required details:**\n",
     "     - **Application Name**: Name your app.\n",
-    "     - **Homepage URL**: URL for your app’s homepage.<br>\n",
+    "     - **Homepage URL**: URL for your app\u2019s homepage.<br>\n",
     "        EXAMPLE : https://github.com/awslabs/amazon-bedrock-agentcore-samples/examplehomepage\n",
     "     - **Application Description** (optional): Add a description for clarity.\n",
     "     - **Authorization callback URL**: URL where users will be sent after authorization (used for OAuth flow in your application). <br>\n",
@@ -208,15 +208,15 @@
     "\n",
     "5. **Retrieve Credentials**\n",
     "   - Once the application is registered, you will be shown the **Client ID** right on the application summary page.\n",
-    "   - To generate the **Client Secret**, click on the available button or link. The secret will be displayed—copy and save it securely; you’ll use it in your application.\n",
+    "   - To generate the **Client Secret**, click on the available button or link. The secret will be displayed\u2014copy and save it securely; you\u2019ll use it in your application.\n",
     "     - Note: The client secret is only revealed once or only a few times for security.\n",
     "\n",
     "***\n",
     "\n",
     "### Use of Credentials\n",
     "\n",
     "- You will use the **client_id** and **client_secret** when configuring the Github credential provider.\n",
-    "- Never expose the client secret publicly or share it with users—treat it like a password.\n",
+    "- Never expose the client secret publicly or share it with users\u2014treat it like a password.\n",
     "\n",
     "***\n"
    ]
@@ -236,13 +236,13 @@
     "    <img src=\"images/identity-session-binding.png\" width=\"90%\"/>\n",
     "</div>\n",
     "\n",
-    "1. Invoke agent – Your agent code invokes GetResourceOauth2Token API to retrieve an authorization URL, when an originating agent user wants to access some application or resource that he/she owns.\n",
+    "1. Invoke agent \u2013 Your agent code invokes GetResourceOauth2Token API to retrieve an authorization URL, when an originating agent user wants to access some application or resource that he/she owns.\n",
     "\n",
-    "2. Generate authorization URL – AgentCore Identity generates an authorization URL and session URI for the user to navigate to and consent access.\n",
+    "2. Generate authorization URL \u2013 AgentCore Identity generates an authorization URL and session URI for the user to navigate to and consent access.\n",
     "\n",
-    "3. Authorize and obtain access token – The user navigates to the authorization URL and grants consent for your agent to access his/her resource. After that, AgentCore Identity redirects the user's browser to your HTTPS application endpoint with information containing the originating user of the authorization request. At this point, your HTTPS application endpoint determines if the originating agent user is still the same as the currently logged in user of your application. If they match, your application endpoint invokes CompleteResourceTokenAuth so that AgentCore Identity can fetch and store the access token.\n",
+    "3. Authorize and obtain access token \u2013 The user navigates to the authorization URL and grants consent for your agent to access his/her resource. After that, AgentCore Identity redirects the user's browser to your HTTPS application endpoint with information containing the originating user of the authorization request. At this point, your HTTPS application endpoint determines if the originating agent user is still the same as the currently logged in user of your application. If they match, your application endpoint invokes CompleteResourceTokenAuth so that AgentCore Identity can fetch and store the access token.\n",
     "\n",
-    "4. Re-invoke agent to obtain access token – Once the application returns a valid response, your agent application will be able to retrieve the OAuth2.0 access tokens that were originally requested for the user. If the users do not match, your application simply does nothing or logs the attempt.\n",
+    "4. Re-invoke agent to obtain access token \u2013 Once the application returns a valid response, your agent application will be able to retrieve the OAuth2.0 access tokens that were originally requested for the user. If the users do not match, your application simply does nothing or logs the attempt.\n",
     "\n",
     "By allowing your application endpoint to verify the user identity, AgentCore Identity allows your agent application to ensure that it is always the same user who initiated the authorization request and the one who consented access.\n",
     "\n",
@@ -282,12 +282,12 @@
     "\n",
     "#### **Local Development:**\n",
     "- **External Callback URL**: `http://localhost:9090/oauth2/callback` (browser-accessible)\n",
-    "- **Internal Communication**: `http://localhost:9090` (notebook ↔ server)\n",
+    "- **Internal Communication**: `http://localhost:9090` (notebook \u2194 server)\n",
     "- **Server Binding**: `127.0.0.1` (localhost only, secure)\n",
     "\n",
     "#### **SageMaker Workshop Studio:**\n",
     "- **External Callback URL**: `https://<domain>.studio.<region>.sagemaker.aws/proxy/9090/oauth2/callback` (browser-accessible via proxy)\n",
-    "- **Internal Communication**: `http://localhost:9090` (notebook ↔ server in same container)\n",
+    "- **Internal Communication**: `http://localhost:9090` (notebook \u2194 server in same container)\n",
     "- **Server Binding**: `0.0.0.0` (allows SageMaker proxy to reach server)\n",
     "\n",
     "The OAuth2 callback server automatically detects the environment by checking for `/opt/ml/metadata/resource-metadata.json` and configures itself accordingly.\n",
@@ -397,7 +397,7 @@
     "\n",
     "# Configure GitHub OAuth2 provider - On-Behalf-Of User\n",
     "github_provider = identity_client.create_oauth2_credential_provider(\n",
-    "    {\n",
+    "    **{\n",
     "        \"name\": \"github-provider\",\n",
     "        \"credentialProviderVendor\": \"GithubOauth2\",\n",
     "        \"oauth2ProviderConfigInput\": {\n",
@@ -790,11 +790,11 @@
     "    for line in iter(process.stdout.readline, \"\"):\n",
     "        if line:\n",
     "            if \"8501\" in line:\n",
-    "                print(\"\\n🎉 Streamlit app is ready!\")\n",
+    "                print(\"\\n\ud83c\udf89 Streamlit app is ready!\")\n",
     "                streamlit_url = get_streamlit_url()\n",
-    "                print(f\"\\n🚀 Streamlit Application URL:\\n{streamlit_url}\\n\")\n",
+    "                print(f\"\\n\ud83d\ude80 Streamlit Application URL:\\n{streamlit_url}\\n\")\n",
     "                print(\n",
-    "                    \"⚠️ To stop the app, interrupt the kernel or press Ctrl+C in the terminal\"\n",
+    "                    \"\u26a0\ufe0f To stop the app, interrupt the kernel or press Ctrl+C in the terminal\"\n",
     "                )\n",
     "                break\n",
     "\n",
@@ -904,4 +904,4 @@
  },
  "nbformat": 4,
  "nbformat_minor": 4
-}
+}
diff --git a/01-tutorials/03-AgentCore-identity/10-runtime-inbound-outbound-auth/.gitignore b/01-tutorials/03-AgentCore-identity/10-runtime-inbound-outbound-auth/.gitignore
@@ -0,0 +1,10 @@
+# Generated by setup scripts - contain real credentials/IDs
+cognito_config.json
+oauth_config.json
+mcp_server_config.json
+.env
+
+# AgentCore CLI project directory (generated by agentcore create)
+*Demo/
+*AuthDemo/
+*M2MAuthDemo/
diff --git a/01-tutorials/03-AgentCore-identity/10-runtime-inbound-outbound-auth/README.md b/01-tutorials/03-AgentCore-identity/10-runtime-inbound-outbound-auth/README.md
@@ -0,0 +1,230 @@
+# AgentCore Identity: Runtime Inbound and Outbound Auth (Cognito)
+
+## Overview
+
+This sample shows how to secure an **AgentCore Runtime** agent with both inbound and outbound authentication using Amazon Cognito as the Identity Provider (IdP).
+
+- **Inbound Auth**: The runtime endpoint is protected by a Cognito JWT. Callers must present a valid bearer token or receive `AccessDeniedException`.
+- **Outbound Auth**: The agent retrieves an API key from AgentCore Identity (backed by AWS Secrets Manager) at runtime. The key is never stored in environment variables or agent code.
+
+### Architecture
+
+```
+Caller
+  │  Authorization: Bearer <Cognito JWT>
+  ▼
+AgentCore Runtime  ──validates JWT──▶  Cognito User Pool
+  │
+  │  @requires_api_key("OutboundApiKey")
+  ▼
+AgentCore Identity  ──fetches secret──▶  AWS Secrets Manager
+  │
+  ▼
+External API (weather service, OpenAI, etc.)
+```
+
+### Tutorial Details
+
+| Information         | Details                                               |
+|:--------------------|:------------------------------------------------------|
+| Tutorial type       | CLI walkthrough                                       |
+| Agent type          | Single                                                |
+| Agentic Framework   | Strands Agents                                        |
+| LLM model           | Anthropic Claude Haiku 4.5                            |
+| Inbound Auth        | Amazon Cognito (CUSTOM_JWT)                           |
+| Outbound Auth       | AgentCore Identity - API Key credential provider      |
+| Example complexity  | Easy                                                  |
+| CLI tool            | `agentcore` (npm: `@aws/agentcore`)                   |
+
+---
+
+## Prerequisites
+
+- **Node.js** 20.x or later
+- **Python** 3.10+
+- **uv** ([install](https://docs.astral.sh/uv/getting-started/installation/))
+- **AWS credentials** configured (`aws configure` or environment variables)
+- **AgentCore CLI** installed:
+
+```bash
+npm install -g @aws/agentcore
+```
+
+- **Amazon Bedrock model access**: Enable `claude-haiku-4-5` in the [Bedrock console](https://console.aws.amazon.com/bedrock/home#/models)
+
+---
+
+## Step 1: Install Setup Dependencies
+
+```bash
+pip install -r requirements.txt
+```
+
+---
+
+## Step 2: Set Up Cognito (Inbound IdP)
+
+```bash
+python setup_cognito.py
+```
+
+This creates:
+- A Cognito User Pool with one test user (`testuser` / `AgentCoreTest1!`)
+- An App Client with `USER_PASSWORD_AUTH` enabled
+- Saves pool ID, client ID, and discovery URL to `cognito_config.json`
+
+Take note of the two values printed at the end — you will need them in Step 4:
+
+```
+--discovery-url    https://cognito-idp.<region>.amazonaws.com/<pool_id>/.well-known/openid-configuration
+--allowed-clients  <client_id>
+```
+
+---
+
+## Step 3: Create the AgentCore Project
+
+```bash
+agentcore create --name RuntimeAuthDemo --defaults --no-agent
+cd RuntimeAuthDemo
+```
+
+Set your deployment target (the CLI creates an empty `aws-targets.json`):
+
+```bash
+cat > agentcore/aws-targets.json << 'EOF'
+[{"name":"default","description":"Default deployment target","account":"YOUR_AWS_ACCOUNT_ID","region":"us-east-1"}]
+EOF
+```
+
+> Replace `YOUR_AWS_ACCOUNT_ID` with your 12-digit AWS account ID. Find it with `aws sts get-caller-identity --query Account --output text`.
+
+---
+
+## Step 4: Add the Agent (Bring Your Own Code)
+
+Use the `--authorizer-type CUSTOM_JWT` flags to configure inbound JWT auth at deploy time. Replace the placeholder values with the discovery URL and client ID from Step 2:
+
+```bash
+agentcore add agent \
+  --name MyAgent \
+  --type byo \
+  --code-location ../app/MyAgent \
+  --entrypoint main.py \
+  --language Python \
+  --framework Strands \
+  --model-provider Bedrock \
+  --authorizer-type CUSTOM_JWT \
+  --discovery-url YOUR_COGNITO_DISCOVERY_URL \
+  --allowed-clients YOUR_COGNITO_CLIENT_ID
+```
+
+---
+
+## Step 5: Add Outbound Identity Credential
+
+The agent calls the [OpenWeatherMap API](https://openweathermap.org/api) which requires an API key. Get a free one:
+
+1. Sign up at [openweathermap.org](https://home.openweathermap.org/users/sign_up) (free tier)
+2. Go to [API keys](https://home.openweathermap.org/api_keys) and copy your key
+
+Store it securely in AgentCore Identity:
+
+```bash
+agentcore add credential \
+  --name OutboundApiKey \
+  --api-key YOUR_OPENWEATHERMAP_API_KEY
+```
+
+> The CLI stores the key in AWS Secrets Manager via AgentCore Identity. At runtime, the agent retrieves it with `@requires_api_key("OutboundApiKey")`. The key never appears in code or environment variables.
+
+---
+
+## Step 6: Deploy
+
+```bash
+agentcore deploy -y
+```
+
+Deployment takes a few minutes. Monitor progress:
+
+```bash
+agentcore status
+```
+
+---
+
+## Step 7: Test Inbound and Outbound Auth
+
+Go back to the sample root directory and run the invoke script:
+
+```bash
+cd ..
+python invoke.py "What is the weather in Seattle?"
+```
+
+The script runs two tests:
+
+1. **Without bearer token** — expects `AccessDeniedException`
+2. **With valid Cognito bearer token** — expects a successful agent response
+
+Expected output:
+
+```
+[Test 1] Invoking WITHOUT bearer token (expect AccessDeniedException)...
+  Correctly rejected: An error occurred (AccessDeniedException) ...
+
+[Test 2] Invoking WITH valid Cognito bearer token...
+  Token obtained (first 20 chars): eyJraWQiOiJxT...
+
+Agent response:
+The weather in Seattle is currently Sunny, 72F.
+```
+
+---
+
+## Streamlit UI (Optional)
+
+For an interactive browser-based experience instead of the CLI:
+
+```bash
+pip install streamlit
+cd ..
+streamlit run streamlit_app.py
+```
+
+Log in, then use the chat interface to test weather queries. Clear the Bearer Token field in the sidebar to test 403 rejection.
+
+---
+
+## Step 8: Cleanup
+
+```bash
+cd RuntimeAuthDemo
+agentcore remove agent --name MyAgent --force
+agentcore remove credential --name OutboundApiKey --force
+```
+
+Delete Cognito resources:
+
+```python
+import boto3, json
+
+with open("../cognito_config.json") as f:
+    config = json.load(f)
+
+boto3.client("cognito-idp", region_name=config["region"]).delete_user_pool(
+    UserPoolId=config["pool_id"]
+)
+print("Cognito User Pool deleted.")
+```
+
+---
+
+## Key Concepts
+
+| Concept | How it works in this sample |
+|:--------|:---------------------------|
+| **Inbound JWT validation** | AgentCore Runtime checks `Authorization: Bearer <token>` against the Cognito JWKS endpoint before executing the agent |
+| **Outbound API key** | `@requires_api_key(provider_name="OutboundApiKey")` calls `bedrock-agentcore:GetResourceApiKey` + `secretsmanager:GetSecretValue` at runtime |
+| **Zero-secret agent code** | API keys live in Secrets Manager; agent code only sees them in-memory via the decorator |