# MCP Client Configuration — AgentCore with Okta OAuth
Connect your IDE's MCP client to the GitHub MCP Server hosted on AgentCore Runtime via PrivateLink.
## Prerequisites
1. **mcp-remote** — install globally:
```bash
npm install -g mcp-remote
```
2. **AWS Client VPN** — connected and able to reach the AgentCore PrivateLink endpoint
3. **Okta account** — you must be assigned to the Okta application
## Configuration
Replace these placeholders in the examples below:
- `<AGENTCORE_ENDPOINT>` — the AgentCore PrivateLink endpoint URL (get from `terraform output vpce_dns_name`)
- `<OKTA_CLIENT_ID>` — your Okta application client ID
### Kiro
Add to `~/.kiro/settings/mcp.json`:
```json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://<AGENTCORE_ENDPOINT>",
        "--static-oauth-client-info",
        "{\"client_id\":\"<OKTA_CLIENT_ID>\"}"
      ]
    }
  }
}
```
### VS Code (Copilot)
Add to `.vscode/mcp.json`:
```json
{
  "servers": {
    "github": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://<AGENTCORE_ENDPOINT>",
        "--static-oauth-client-info",
        "{\"client_id\":\"<OKTA_CLIENT_ID>\"}"
      ]
    }
  }
}
```
### Cursor
Add to `.cursor/mcp.json` or global settings:
```json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://<AGENTCORE_ENDPOINT>",
        "--static-oauth-client-info",
        "{\"client_id\":\"<OKTA_CLIENT_ID>\"}"
      ]
    }
  }
}
```
## How It Works
1. `mcp-remote` discovers OAuth metadata from the AgentCore endpoint
2. A browser opens to Okta's login page (Authorization Code + PKCE)
3. You log in and consent to the requested scopes
4. Okta issues tokens directly to `mcp-remote`
5. All MCP requests include the access token as a Bearer header
6. AgentCore's built-in JWT Authorizer validates the token against Okta's OIDC discovery URL
7. Authenticated requests reach the container where Supergateway serves GitHub MCP tools
8. `mcp-remote` auto-refreshes tokens when they expire
## Notes
- **No `NODE_TLS_REJECT_UNAUTHORIZED=0`** — AgentCore uses AWS-managed TLS certificates, so TLS verification works out of the box.
- **VPN required** — the AgentCore endpoint is only reachable through the AWS Client VPN via PrivateLink.
- **`--static-oauth-client-info`** — tells `mcp-remote` to use the provided Okta client ID for the OAuth flow instead of relying on server-side metadata.
## Troubleshooting
### 401 Unauthorized
- Token may be expired. Restart the MCP server in your IDE to trigger a fresh OAuth flow.
- Verify you are assigned to the Okta application.
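To tell an expired token from an issuer or client mismatch before restarting, the claims can be decoded locally in Node. This is an added example, not part of mcp-remote or AgentCore; it does not verify the signature. The issuer URL, client ID, helper names, and the use of Okta's `cid` claim for the client ID are assumptions for illustration.

```javascript
// Added example: local triage of an access token after a 401.
// Decodes claims only; signature validation remains the job of the JWT Authorizer.

// Decode the payload (second segment) of a compact JWT.
function decodeClaims(jwt) {
  const parts = String(jwt).trim().split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Return the reasons an authorizer would plausibly reject this token.
// expected.issuer and expected.clientId are values you supply from your own Okta setup.
function triageToken(jwt, expected, nowSec = Math.floor(Date.now() / 1000)) {
  let claims;
  try {
    claims = decodeClaims(jwt);
  } catch (err) {
    return [`malformed token: ${err.message}`];
  }
  const findings = [];
  if (typeof claims.exp !== "number") findings.push("no exp claim");
  else if (claims.exp <= nowSec) findings.push(`expired ${nowSec - claims.exp}s ago`);
  if (claims.iss !== expected.issuer) findings.push(`issuer mismatch: ${claims.iss}`);
  // Assumption: the client ID is carried in the `cid` claim, as in Okta access tokens.
  if (expected.clientId && claims.cid !== expected.clientId) {
    findings.push(`client mismatch: ${claims.cid}`);
  }
  return findings;
}

// Build a constructed sample token (placeholder signature, not a real credential).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.c2ln`;
}

// Constructed values for the demonstration run.
const expected = { issuer: "https://example.okta.com/oauth2/default", clientId: "0oaEXAMPLECLIENT" };
const now = 1700000000;
const stale = makeSampleToken({ iss: expected.issuer, cid: expected.clientId, exp: now - 120 });
console.log(triageToken(stale, expected, now)); // [ 'expired 120s ago' ]
```

An empty result means the claims look right and the cause is more likely the Okta assignment or the authorizer configuration.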
### Connection Refused / Timeout
- Confirm VPN is connected: `curl -s https://<AGENTCORE_ENDPOINT>/healthz`
- If unreachable, check your VPN connection and that the VPC endpoint is configured.
### Token Refresh Issues
- `mcp-remote` handles token refresh automatically. If it keeps failing, restart the MCP connection in your IDE.
- Okta access tokens expire after 1 hour by default.