Skip to content

Introduction to free5GC OAuth2 Procedure


Author: Andy Chen (CTFang, Tsung-Fang Chen)
Date: 2023/11/15
Update: 2024/02/21



[0-0]. NF_Registration: See TS 29.510 Section5.2.2.2 NFRegister for more details.

[0-1]. When an NF registers with NRF using NFProfile, NRF adds CustomInfo.oauth2=true to NFProfile and replies to NF upon successful registration. (See TS29.510 for more detailed information about CustomInfo.)

[1]. The GetTokenCtx() function generates a context and inserts the access token into the request header.

[2]. If the token has expired, the NF would use SendAccTokenReq() to obtain a new token from NRF.

[3]. NRF would verify the request NFType and the requested service for authorization, and issue the token if authorized.


The OAuth2 functions had been relased in free5GC v3.4.0.

Pull Requests

  • free5gc/NRF PR#27
  • free5gc/free5gcPR#525
  • There would be related Pull Request for each NF.

Future Work

  • allowedNfTypes: TS 29.510 Section6. Definition of type NFProfile

    When NRF verifies the scope during the AccessTokenRequest, it checks the target NF's NFProfile allowedNfTypes to determine whether the NF consumer is in the allowedNfType or not.

  • TLS Mutual Authentication: TS 33.501 Section13.3.1 Authentication & Authorization between NF and NRF

    Authentication and authorization between NF and NRF are completed if PLMN uses protection at the transport layer with mutual authentication.


Hello, I am Andy Chen. I have just started making contributions to the free5GC core network. This post is my first blog, so if there are any inquiries or identification of errors within, we welcome discussion and correction. Your feedback is invaluable, so please don't hesitate to reach out via email to share your insights.

Connect with Me

Linkedin Github


Additionally, I have provided the graph with a dark background.



If you are interested in supporting free5GC, we welcome your donation. Please visit this link for more details.