29.5183GPP5G SystemAccess and Mobility Management ServicesRelease 17Stage 3TS
As indicated in 3GPP TS 33.501 , the access to the Namf_Communication API may be authorized by means of the OAuth2 protocol (see IETF RFC 6749 ), using the "Client Credentials" authorization grant, where the NRF (see 3GPP TS 29.510 ) plays the role of the authorization server.
If Oauth2 authorization is used, an NF Service Consumer, prior to consuming services offered by the Namf_Communication API, shall obtain a "token" from the authorization server, by invoking the Access Token Request service, as described in 3GPP TS 29.510 , clause 220.127.116.11.
NOTE: When multiple NRFs are deployed in a network, the NRF used as authorization server is the same NRF that the NF Service Consumer used for discovering the Namf_Communication service.
The Namf_Communication API defines scopes for OAuth2 authorization as specified in 3GPP TS 33.501 ; it defines a single scope consisting on the name of the service (i.e., "namf-comm"), and it does not define any additional scopes at resource or operation level.