How it Works

This section describes how this role works.

The AMF supports AccessToken validation in the incoming request. It is processed as in the following procedures:

  • If an OAuth2 token is present in an incoming request from an NF consumer (such as SMF, UDM, peer AMF, and others), the AMF as an NF producer validates the token that is received in the incoming request.

  • The signing algorithm used to encrypt the token at NRF can be accessed from access-token-jws-algo , and the respective shared secret key or public key can be accessed using access-token-jws-key .

  • The AMF rejects an API request without the AccessToken or an API request with an invalid AccessToken. It returns the status code 401 together with the www-authenticate header, with an error note as invalid_token .

  • The AMF rejects an API request with an AccessToken validation token, for not having the required scopes to invoke the service operation. It returns the status code 403 together with the www-authenticate header, with an error note as insufficient_scope .