Amazon Bedrock AgentCore Identity now supports On-Behalf-Of (OBO) token exchange, enabling developers to build agents that securely access protected resources on behalf of authenticated users — without requiring users to complete multiple consent flows.
Previously, developers building agents that needed to act on behalf of a user had to manage separate consent flows for each protected resource, adding friction for end users and complexity for builders. With OBO token exchange, developers can exchange an access token for a new scoped-down access token that carries both the original user identity and the agent identity. This token is targeted specifically to the outbound protected resource, granting just-in-time, least-privilege access without prompting the user for additional consent.
Amazon Bedrock AgentCore Identity OBO token exchange is now generally available in 14 AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), and Europe (Stockholm). To learn more, visit the Amazon Bedrock AgentCore Identity documentation .
Categories: general:products/amazon-bedrock
Source: Amazon Web Services
Latest Posts
- MC1411077: Dynamics 365 Field Service Adds Work Order Creation from Project Tasks and Enables Task-Based Billing

- MC1411079: Dynamics 365 Project Operations Adds Work Order Creation from Project Tasks

- MC1411066: Dynamics 365 Contact Center Adds Automated Shift Rotations for Workforce Coverage

- MC1411068: Power Automate Adds Power Apps Integration for Interactive Form Design in Desktop Flows






![Power Platform – Please hard refresh your active long-running browser tab(s) [MC1296939] 7 Power Platform – Please hard refresh your active long-running browser tab(s) [MC1296939]](https://mwpro.co.uk/wp-content/uploads/2025/06/pexels-edward-jenner-4252518-96x96.webp)