TS29510_Nnrf_AccessToken has no servers section?

[gatopeich]

How come there is no "servers" for the OAuth2 service in NRF?

I was expecting something like "{apiRoot}/nnrf-auth/v1"...

5GC_APIs/TS29510_Nnrf_AccessToken.yaml

Line 16 in 77d17f1

/oauth2/token:

[jdegre]

It's intentional, and the reason is that the URI structure you refer to: {apiRoot}/{serviceName}/{serviceVersion} is intended for those services registered in NRF (and later on discovered via NRF Service Discovery).

However, the Oauth2 Access Token service is not discovered; it must be configured on each Network Function. So, the "token endpoint" is always: https://<nrf-fqdn>/oauth2/token (no "service name", and no "serviceVersion").

Still, it would've been possible to define a servers section, having something like {nrfApiRoot}; we use this approach to identify the Oauth2 tokenUrl from the "securitySchemes" section in all other APIs; e.g., take TS29518_Namf_Communication.yaml API. You can see there:

  securitySchemes:
    oAuth2ClientCredentials:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: '{nrfApiRoot}/oauth2/token'
          scopes:
            namf-comm: Access to the Namf_Communication API

So, if we were to define a servers section in the Oauth2 API, it should be something like:

servers:
  - url: '{nrfApiRoot}'
    variables:
      nrfApiRoot:
        default: https://example.com
        description: nrfApiRoot as defined in clause clause 6.3.2 of 3GPP TS 29.510

I'll discuss this approach with other 3GPP folks, to see if that could be a better approach than having no "servers" section at all.

[gatopeich]

Thanks for the clarification. I was suspecting something like that but could not find a clear statement in the specs.