fix(fetch): add --identity-name option for custom credential lookup

[aidandaly24]

Description

The fetch access command hardcodes credential lookup to <name>-oauth via computeManagedOAuthCredentialName(), causing failures when users create identities with custom names (e.g. my-custom-identity instead of myGateway-oauth).

This PR adds an --identity-name <name> option to fetch access that lets users specify which OAuth credential to use for token fetch, falling back to the default <name>-oauth convention when omitted. The error message when no credential is found now lists all available OAuth credentials and suggests --identity-name.

Changes:

• types.ts — Added identityName?: string to FetchAccessOptions
• command.tsx — Registered --identity-name <name> CLI option
• action.ts — Pass identityName through to fetchGatewayToken and fetchRuntimeToken
• oauth-token.ts — Accept optional credentialName param with nullish coalescing fallback; improved error message listing available credentials
• fetch-gateway-token.ts — Forward identityName as credentialName
• fetch-runtime-token.ts — Forward identityName in both fetchRuntimeToken and canFetchRuntimeToken

Related Issue

Closes #715

Documentation PR

N/A — CLI --help output is auto-generated from the option registration.

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation update
• Other (please describe):

Testing

How have you tested the change?

• I ran npm run test:unit and npm run test:integ
• I ran npm run typecheck
• I ran npm run lint
• If I modified src/assets/, I ran npm run test:update-snapshots and committed the updated snapshots

Unit tests added:

• Custom identity name resolves correct credential (fetchGatewayToken with identityName)
• Falls back to default <name>-oauth convention when identityName omitted
• Error message lists available OAuth credentials when no match found
• Error message suggests --identity-name flag
• CLI option --identity-name propagates to fetchGatewayToken

E2E verification:

• Deployed a test project to AWS (agentcore deploy)
• Created a Cognito user pool with custom OAuth identity
• Verified agentcore fetch access --name travelgateway --identity-name my-cognito-identity --json returns a valid JWT token
• Verified omitting --identity-name preserves backward-compatible behavior

Checklist

• I have read the CONTRIBUTING document
• I have added any necessary tests that prove my fix is effective or my feature works
• I have updated the documentation accordingly
• I have added an appropriate example to the documentation to outline the feature, or no new docs are needed
• My changes generate no new warnings
• Any dependent changes have been merged and published

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the
terms of your choice.

[github-actions]

Package Tarball

aws-agentcore-0.6.0.tgz

How to install

npm install https://github.com/aws/agentcore-cli/releases/download/pr-774-tarball/aws-agentcore-0.6.0.tgz

[jesseturner21]

lgtm