[Bug] Gateway returns internal error for tools/call with OAuth MCP targets #809

@tperol

Description

Summary

AgentCore Gateway fails to forward tools/call requests to MCP server targets configured with OAuth authentication (client_credentials flow). The Gateway returns "An internal error occurred" without forwarding the request to the MCP runtime.

Which component is impacted?

  • 01-AgentCore-runtime
  • 02-AgentCore-gateway
  • 03-AgentCore-identity
  • 04-AgentCore-memory
  • 05-AgentCore-tools
  • 06-AgentCore-observability
  • 07-AgentCore-E2E

What Works

  • tools/list via Gateway (cached from synchronization) ✅
  • Direct OAuth calls to MCP runtime (both tools/list and tools/call) ✅

What Fails

  • tools/call via Gateway → Returns "An internal error occurred" ❌

Environment

  • Region: us-east-1
  • Gateway Authentication: AWS_IAM (SigV4)
  • Target Authentication: OAuth credential provider (Cognito client_credentials)
  • MCP Runtime: AgentCore Runtime with customJWTAuthorizer

Reproduction Steps

  1. Create MCP runtime with customJWTAuthorizer (Cognito OIDC discovery URL)
  2. Create Gateway with AWS_IAM authentication
  3. Create Gateway target with OAuth credential provider:
    • Token endpoint: Cognito /oauth2/token
    • Grant type: client_credentials
    • Scope: custom scope for MCP invoke
  4. Verify target status is READY (synchronization succeeds)
  5. Call tools/list via Gateway → Works, returns tool list
  6. Call tools/call via Gateway → Fails with internal error

Error Response

{"jsonrpc":"2.0","id":"1","error":{"code":-32603,"message":"An internal error occurred"}}

Evidence

MCP runtime CloudWatch logs show only:

  • PingRequest (during synchronization)
  • ListToolsRequest (during synchronization)

No CallToolRequest is ever received by the runtime when calling through Gateway.

When calling the MCP runtime directly with OAuth Bearer token (bypassing Gateway), both tools/list and tools/call work correctly.

Workaround

We implemented a workaround that calls the MCP runtime directly with OAuth tokens, bypassing the Gateway for tools/call requests. This confirms the issue is in the Gateway's request forwarding, not the MCP runtime or OAuth configuration.

Expected Behavior

Gateway should forward tools/call requests to MCP runtime targets with OAuth authentication, just as it does for tools/list requests.

AWS Support Case

Filed with AWS Support (Bedrock AgentCore / Gateway category).
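The behaviour and workaround described in this report, as an added example (not code from the issue, the reporter, or the AgentCore project). It builds the MCP JSON-RPC `tools/list` and `tools/call` envelopes, classifies the `-32603` response, and, when the Gateway returns that internal error, falls back to the reporter's workaround: obtain a token with the OAuth2 `client_credentials` grant and call the runtime directly with `Authorization: Bearer`. Transports are injected as callables so the script runs offline against constructed fakes that mimic the reported behaviour; every URL, client id, secret, scope and token below is a placeholder, and the real `gateway_post` is assumed to add SigV4 signing, which this example does not implement.

```python
"""Reproduce-and-fallback helper for the Gateway tools/call failure.

Added example, not part of the issue or the AgentCore project. Transports are
injected as callables so it runs offline; in a real deployment `gateway_post`
must SigV4-sign the request (assumed, not shown) and `runtime_post`/`token_post`
can be plain HTTPS POSTs. All endpoints and credentials are placeholders.
"""
import base64
import json
import urllib.parse
import urllib.request
from typing import Any, Callable, Dict

# Hypothetical placeholders; replace with your own endpoints.
GATEWAY_MCP_URL = "https://GATEWAY_PLACEHOLDER.example/mcp"
RUNTIME_MCP_URL = "https://RUNTIME_PLACEHOLDER.example/mcp"
TOKEN_URL = "https://COGNITO_DOMAIN_PLACEHOLDER/oauth2/token"  # Cognito /oauth2/token, as in the report

INTERNAL_ERROR = -32603  # JSON-RPC "Internal error", the code returned by the Gateway in the report

# A transport takes (url, headers, body) and returns the decoded JSON response.
PostFn = Callable[[str, Dict[str, str], bytes], Dict[str, Any]]


def jsonrpc(method: str, params: Dict[str, Any], req_id: str = "1") -> Dict[str, Any]:
    """Build a JSON-RPC 2.0 request envelope as used by MCP."""
    return {"jsonrpc": "2.0", "id": req_id, "method": method, "params": params}


def classify(resp: Dict[str, Any]) -> str:
    """Map a JSON-RPC response to 'ok', 'internal_error' or 'error:<code>'."""
    if "error" not in resp:
        return "ok"
    code = resp["error"].get("code")
    return "internal_error" if code == INTERNAL_ERROR else f"error:{code}"


def client_credentials_token(post: PostFn, client_id: str, client_secret: str, scope: str) -> str:
    """OAuth2 client_credentials grant (RFC 6749 section 4.4) with HTTP Basic client auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope}).encode()
    return post(TOKEN_URL, headers, body)["access_token"]


def call_tool_with_fallback(gateway_post: PostFn, runtime_post: PostFn, token_post: PostFn,
                            name: str, arguments: Dict[str, Any],
                            client_id: str, client_secret: str, scope: str) -> Dict[str, Any]:
    """Try tools/call via the Gateway; on -32603 bypass it and call the runtime with a Bearer token."""
    req = json.dumps(jsonrpc("tools/call", {"name": name, "arguments": arguments})).encode()
    headers = {"Content-Type": "application/json"}
    resp = gateway_post(GATEWAY_MCP_URL, headers, req)
    status = classify(resp)
    if status != "internal_error":
        return {"via": "gateway", "status": status, "response": resp}
    token = client_credentials_token(token_post, client_id, client_secret, scope)
    direct_headers = dict(headers, Authorization=f"Bearer {token}")
    resp = runtime_post(RUNTIME_MCP_URL, direct_headers, req)
    return {"via": "runtime_direct", "status": classify(resp), "response": resp}


def http_post(url: str, headers: Dict[str, str], body: bytes) -> Dict[str, Any]:
    """Plain HTTPS POST, usable as runtime_post/token_post (gateway_post still needs SigV4 on top)."""
    request = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.loads(response.read())


# Constructed fake transports reproducing the report offline: the Gateway answers
# tools/list but returns -32603 for tools/call; the runtime answers with a valid Bearer token.
def fake_gateway_post(url: str, headers: Dict[str, str], body: bytes) -> Dict[str, Any]:
    req = json.loads(body)
    if req["method"] == "tools/list":
        return {"jsonrpc": "2.0", "id": req["id"], "result": {"tools": [{"name": "echo"}]}}
    return {"jsonrpc": "2.0", "id": req["id"],
            "error": {"code": INTERNAL_ERROR, "message": "An internal error occurred"}}


def fake_token_post(url: str, headers: Dict[str, str], body: bytes) -> Dict[str, Any]:
    form = urllib.parse.parse_qs(body.decode())
    if not headers.get("Authorization", "").startswith("Basic ") or form.get("grant_type") != ["client_credentials"]:
        return {"error": "invalid_client"}
    return {"access_token": "TOKEN_PLACEHOLDER", "token_type": "Bearer"}


def fake_runtime_post(url: str, headers: Dict[str, str], body: bytes) -> Dict[str, Any]:
    req = json.loads(body)
    if headers.get("Authorization") != "Bearer TOKEN_PLACEHOLDER":
        return {"jsonrpc": "2.0", "id": req["id"], "error": {"code": -32000, "message": "unauthorized"}}
    return {"jsonrpc": "2.0", "id": req["id"], "result": {"content": [{"type": "text", "text": "pong"}]}}


def demo() -> Dict[str, Any]:
    """Run the fallback against the constructed fakes; returns via='runtime_direct', status='ok'."""
    return call_tool_with_fallback(fake_gateway_post, fake_runtime_post, fake_token_post,
                                   "echo", {"msg": "ping"},
                                   "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER", "SCOPE_PLACEHOLDER")


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The fallback has a cost worth noting when you adopt it: the calling agent must now hold the OAuth client id and secret that the Gateway's credential provider was supposed to keep out of the agent's hands, so scope the fallback client to the minimum the runtime needs and drop it once the Gateway forwards `tools/call` correctly.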