Introduction to free5GC OAuth2 Procedure
Author: Andy Chen (CTFang)
[0-0]. NF_Registration: See TS 29.510 Section22.214.171.124 NFRegister for more details.
[0-1]. When an NF registers with NRF using NFProfile, NRF adds
CustomInfo.oauth2=true to NFProfile and replies to NF upon successful registration. (See TS29.510 for more detailed information about CustomInfo.)
GetTokenCtx() function generates a context and inserts the access token into the request header.
. If the token has expired, the NF would use
SendAccTokenReq() to obtain a new token from NRF.
. NRF would verify the request NFType and the requested service for authorization, and issue the token if authorized.
The OAuth2 functions are under development in free5GC. They will be released after thorough testing. Furthermore, there may be a more detailed workflow article related to this topic.
allowedNfTypes: TS 29.510 Section126.96.36.199.2 Definition of type NFProfile
When NRF verifies the scope during the AccessTokenRequest, it checks the target NF's NFProfile allowedNfTypes to determine whether the NF consumer is in the allowedNfType or not.
TLS Mutual Authentication: TS 33.501 Section13.3.1 Authentication & Authorization between NF and NRF
Authentication and authorization between NF and NRF are completed if PLMN uses protection at the transport layer with mutual authentication.
Hello, I am Andy Chen. I have just started making contributions to the free5GC core network. This post is my first blog, so if there are any inquiries or identification of errors within, we welcome discussion and correction. Your feedback is invaluable, so please don't hesitate to reach out via email to share your insights.
Connect with Me
Additionally, I have provided the graph with a dark background.