You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's intentional, and the reason is that the URI structure you refer to: {apiRoot}/{serviceName}/{serviceVersion} is intended for those services registered in NRF (and later on discovered via NRF Service Discovery).
However, the Oauth2 Access Token service is not discovered; it must be configured on each Network Function. So, the "token endpoint" is always: https://<nrf-fqdn>/oauth2/token (no "service name", and no "serviceVersion").
Still, it would've been possible to define a servers section, having something like {nrfApiRoot}; we use this approach to identify the Oauth2 tokenUrl from the "securitySchemes" section in all other APIs; e.g., take TS29518_Namf_Communication.yaml API. You can see there:
securitySchemes:
oAuth2ClientCredentials:
type: oauth2flows:
clientCredentials:
tokenUrl: '{nrfApiRoot}/oauth2/token'scopes:
namf-comm: Access to the Namf_Communication API
So, if we were to define a servers section in the Oauth2 API, it should be something like:
servers:
- url: '{nrfApiRoot}'variables:
nrfApiRoot:
default: https://example.comdescription: nrfApiRoot as defined in clause clause 6.3.2 of 3GPP TS 29.510
I'll discuss this approach with other 3GPP folks, to see if that could be a better approach than having no "servers" section at all.
How come there is no "servers" for the OAuth2 service in NRF?
I was expecting something like "{apiRoot}/nnrf-auth/v1"...
5GC_APIs/TS29510_Nnrf_AccessToken.yaml
Line 16 in 77d17f1
The text was updated successfully, but these errors were encountered: