Amazon Web Services (AWS) has detailed a secure authentication workflow for AI assistants using its AgentCore Gateway service in conjunction with Model Context Protocol (MCP) clients. The process, known as the OAuth Code flow, ensures that all requests to MCP servers are authenticated with valid identity tokens issued by an organization’s identity provider.

According to AWS, the setup allows AI assistants to securely access enterprise tools and services by validating user identities through an identity provider (IdP) such as Amazon Cognito, Okta, or Microsoft Entra ID. The guide walks users through implementing the OAuth Code flow as an inbound authorization mechanism for MCP servers hosted on the AgentCore Gateway. By the end of the process, organizations will have a production-ready setup where each AI assistant request is authenticated with a valid user identity token.

The solution involves multiple components, including the identity provider, the AgentCore Gateway acting as an OAuth resource server, and the agentic coding assistant, such as Kiro IDE, which manages the authentication flow. The guide also outlines the step-by-step configuration of the identity provider, the setup of the AgentCore Gateway for inbound authorization, and integration with Kiro IDE clients.

*Source: [awsml](https://aws.amazon.com/blogs/machine-learning/building-a-secure-auth-code-flow-setup-using-agentcore-gateway-with-mcp-clients/)*