Skip to content

Bugfix: Adding refresh token auth flow for expired bearer token for MCP Server #419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Oct 10, 2025
Merged

Bugfix: Adding refresh token auth flow for expired bearer token for MCP Server #419

merged 9 commits into from
Oct 10, 2025

Conversation

crupakheti
Copy link
Contributor

Amazon Bedrock AgentCore Samples Pull Request

Important

  1. We strictly follow a issue-first approach, please first open an issue relating to this Pull Request.
  2. Once this Pull Request is ready for review please attach review ready label to it. Only PRs with review ready will be reviewed.

Issue number: #418

Concise description of the PR

The statically stored bearer token in the Secrets Manager by default seems to expire in an hour and sometimes user may need to come back and run the MCP remote client after that 1 hour period. The bearer token in secrets manager will be of no use when it expires and the remote client will always error out in the absence of the refresh token flow. This PR fixes it by introducing refresh auth flow to get a fresh bearer_token when the token in SecretsManager expires.

User experience

Please share what the user experience looks like before and after this change

Before the user will see error as desribed in #418.
After the user will see the following output due to the refreshed token:

Screenshot 2025-09-29 at 5 26 41 PM

Checklist

If your change doesn't seem to apply, please leave them unchecked.

  • I have reviewed the contributing guidelines
  • Add your name to CONTRIBUTORS.md
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?
  • Are you uploading a dataset?
  • Have you documented Introduction, Architecture Diagram, Prerequisites, Usage, Sample Prompts, and Clean Up steps in your example README?
  • I agree to resolve any issues created for this example in the future.
  • I have performed a self-review of this change
  • Changes have been tested
  • Changes are documented

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

@crupakheti
Bugfix: Adding refresh token auth flow for expired bearer token. The …
f84367e 
…token by default seems to expire in an hour and sometimes user may need to come back and run the MCP remote client after that 1 hour period. The bearer token in secrets manager will be of no use when it expires and the remote client will error out in the absence of the refresh token oauth flow.
@crupakheti
Adding my GitHub handle to the contributors page
631a510
@review-notebook-app Review Notebook App
Copy link

Check out this pull request on  ReviewNB

See visual diffs & provide feedback on Jupyter Notebooks.

Powered by ReviewNB

@github-actions github-actions bot added 01-tutorials 01-tutorials 01-AgentCore-runtime 01-tutorials/01-AgentCore-runtime labels Sep 30, 2025
satveerkhurpa
satveerkhurpa approved these changes Oct 10, 2025
View reviewed changes
Copy link
Contributor

@satveerkhurpa satveerkhurpa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updates reviewed and good to go.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 10, 2025
edited
Loading

Latest scan for commit: 43f0279 | Updated: 2025-10-10 18:37:21 UTC

Security Scan Results

@satveerkhurpa satveerkhurpa merged commit 4b29036 into awslabs:main Oct 10, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@satveerkhurpa satveerkhurpa satveerkhurpa approved these changes

Assignees

No one assigned

Labels

01-AgentCore-runtime 01-tutorials/01-AgentCore-runtime 01-tutorials 01-tutorials

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@crupakheti @satveerkhurpa