fix(invoke): add bearer-token support to the A2A invoke path for CUSTOM_JWT (#815)#1647
Merged
Conversation
…M_JWT runtimes A2A-protocol agents configured with CUSTOM_JWT authorization could not be invoked: the CLI auto-fetched a bearer token but invokeA2ARuntime always used the SigV4 client, dropping the token and triggering an "Authorization method mismatch" service error. Add bearerToken support to A2AInvokeOptions and, when set, send a raw HTTP POST of the JSON-RPC body with an Authorization: Bearer header via buildInvokeUrl / buildBearerInvokeHeaders, parsing the response through parseA2AResponse. Thread the token through all three call sites (invoke action, TUI invoke flow, dev web-UI invocations handler). Fixes aws#815
Contributor
Package TarballHow to installgh release download pr-1647-tarball --repo aws/agentcore-cli --pattern "*.tgz" --dir /tmp/pr-tarball
npm install -g /tmp/pr-tarball/aws-agentcore-0.21.0.tgz |
Contributor
|
Claude Security Review: no high-confidence findings. (run) |
Contributor
|
Claude Security Review: no high-confidence findings. (run) |
agentcore-cli-automation
approved these changes
Jun 26, 2026
agentcore-cli-automation
left a comment
There was a problem hiding this comment.
Looks good to merge.
The fix mirrors the existing invokeWithBearerTokenStreaming pattern correctly:
buildInvokeUrl+buildBearerInvokeHeadersare reused — no logic duplication.- The bearer branch is gated on
options.bearerTokenand the SigV4 path is left untouched as a fallback. - All three call sites (
action.ts,invocations.ts,useInvokeFlow.ts) are updated, andresolveInvokeTargetalready auto-fetches the token upstream for the CLI/TUI paths, so existing CUSTOM_JWT users get the fix transparently.
Tests are appropriately scoped — mocking only at the true I/O boundaries (@aws-sdk/client-bedrock-agentcore and globalThis.fetch) and asserting both the bearer path and the SigV4 fallback. No excessive mocking.
No new telemetry is needed since InvokeAttrs already captures auth_type (src/cli/telemetry/schemas/command-run.ts:138).
Contributor
|
Claude Security Review: no high-confidence findings. (run) |
agentcore-cli-automation
approved these changes
Jun 26, 2026
agentcore-cli-automation
left a comment
There was a problem hiding this comment.
Looks good to merge.
The fix is correct and minimal:
- The bearer branch is properly gated on
options.bearerTokenininvokeA2ARuntime(agentcore.ts:960-977) and the SigV4 path is left intact as the fallback. The bearer code reusesbuildInvokeUrlandbuildBearerInvokeHeaders, mirroringinvokeWithBearerTokenStreamingandmcpRpcCallWithBearer— this also resolves the TODO at agentcore.ts:708. - All three A2A call sites are threaded:
action.ts:596,useInvokeFlow.ts:786, andinvocations.ts:463/559(via the newbearerTokenfield onDeployedInvokeParams).resolveInvokeTargetauto-fetches the token for CUSTOM_JWT agents upstream, so existing users get the fix transparently. - Response handling stays symmetric with the SigV4 path: a single
res.text()fed throughparseA2AResponseand wrapped insingleValueStream. The bearer path additionally surfaces the runtime session id from the response headers, which is a small bonus. - Tests mock only at true I/O boundaries (the
@aws-sdk/client-bedrock-agentcoreSDK client andglobalThis.fetch) and assert both the bearer path (Authorization header, JSON-RPC body shape, no SDK call) and the SigV4 fallback (no fetch call, SDK invoked). No excessive mocking, and the pattern matchesagentcore-mcp-bearer.test.ts. - No new telemetry is needed:
InvokeAttrs.auth_type(command-run.ts:138) is already derived fromoptions.bearerTokeninbuildInvokeAttrs(invoke/utils.ts:29), so the A2A+JWT path will be reported asbearer_tokenautomatically.
avi-alpert
approved these changes
Jun 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Closes #815 — A2A agents with
CUSTOM_JWTauth are uninvokable.An A2A-protocol agent configured with
CUSTOM_JWTauthorization cannot be invoked. The CLI auto-fetches a bearer token but silently drops it on the A2A path and falls back to SigV4, so every invoke fails with a confusing service error:There is no workaround short of a code change, and no warning at
addtime. The bug affects all three invoke surfaces:agentcore invoke, the TUI, and the dev web-UI.Fix
Thread the bearer token through the A2A invoke path, mirroring how the HTTP path already works. A2A uses the same
InvokeAgentRuntimedata plane and/runtimes/{arn}/invocationsendpoint as HTTP, which already supports bearer auth — so when a token is present, the request should be a raw HTTPS POST with anAuthorization: Bearerheader rather than a SigV4-signed SDK call.bearerToken?: stringtoA2AInvokeOptionssrc/cli/aws/agentcore.tsinvokeA2ARuntime: whenbearerTokenis set, POST the JSON-RPC body withAuthorization: Bearer <token>(viabuildInvokeUrl/buildBearerInvokeHeaders) and parse via the existingparseA2AResponse; otherwise fall back to the SigV4 client unchangedsrc/cli/aws/agentcore.tssrc/cli/commands/invoke/action.tssrc/cli/tui/screens/invoke/useInvokeFlow.tssrc/cli/operations/dev/web-ui/handlers/invocations.tsThe no-token path is unchanged, so non-JWT A2A agents keep using SigV4 exactly as before.
Testing
Validated end-to-end against a real deployed agent and a real JWT issuer, not just unit tests.
Live deploy + invoke (build
0.21.0, us-east-1):Stood up a real OIDC issuer — a Cognito user pool with a resource server (
agentcore/invokescope) and a client-credentials app client — and confirmed token issuance + OIDC discovery.Created an A2A + CUSTOM_JWT agent (
--protocol A2A --authorizer-type CUSTOM_JWT --discovery-url <cognito-oidc> --allowed-clients <id> ...) and deployed it.get-agent-runtimeconfirmedserverProtocol: A2Awith thecustomJWTAuthorizerwired to the Cognito issuer; runtimeREADY.Invoked with a real bearer token — succeeded:
Reproduced the pre-fix failure on the same runtime — a SigV4-signed request returned the exact
AccessDeniedException: Authorization method mismatcherror this fix eliminates on the bearer path. So the bug is confirmed real and the fix confirmed effective on the same deployed agent.Automated tests:
New
src/cli/aws/__tests__/agentcore-a2a-bearer.test.ts(2/2) — asserts the bearer path usesfetchwithAuthorization: Bearer <token>and never the SigV4 client, and that the no-token path still falls back to SigV4.45/45 related regression tests pass (
resolve, payments, deployed-invocations).build/typecheck/lint/formatall green in CI.I ran
npm run test:unitandnpm run test:integI ran
npm run typecheckI ran
npm run lintIf I modified
src/assets/, I rannpm run test:update-snapshotsand committed the updated snapshots — N/A, nosrc/assets/changesRelated Issue
Closes #815
Documentation PR
N/A — bug fix; no devguide change required.
Type of Change
Checklist
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the
terms of your choice.