US 12,192,764 B2
Methods, systems, and computer readable media for delegated authorization at security edge protection proxy (SEPP)
Jay Rajput, Bangalore (IN); Virendra Singh, Bangalore (IN); and Ankit Srivastava, Uttar Pradesh (IN)
Assigned to ORACLE INTERNATIONAL CORPORATION, Redwood Shores, CA (US)
Filed by Oracle International Corporation, Redwood Shores, CA (US)
Filed on Mar. 11, 2021, as Appl. No. 17/198,740.
Prior Publication US 2022/0295282 A1, Sep. 15, 2022
Int. Cl. H04W 12/084 (2021.01); H04L 9/40 (2022.01); H04L 67/56 (2022.01); H04W 8/18 (2009.01); H04W 84/04 (2009.01)
CPC H04W 12/084 (2021.01) [H04L 63/0281 (2013.01); H04L 67/56 (2022.05); H04W 8/18 (2013.01); H04W 84/042 (2013.01)]
16 Claims
1. A method for delegated authorization at a security edge protection proxy (SEPP), the method comprising:
at a SEPP including at least one processor and a memory:
intercepting, by the SEPP and from a first consumer network function (NF) separate from the SEPP and that does not support access-token-based authorization, a first service based interface (SBI) service request lacking an access token and for accessing a service provided by a first 5G producer NF that requires access-token-based authorization;
operating, by the SEPP, as an access token authorization client proxy to obtain a first access token on behalf of the first consumer NF, wherein operating as the access token authorization client proxy includes signaling, by the SEPP and with an NF repository function (NRF) that operates as an access token authorization server, to obtain the first access token from the NRF, wherein the NRF is a 5G NRF separate from the SEPP that stores NF profiles of producer NFs registered with the NRF and signaling with the NRF to obtain the first access token includes:
generating, by the SEPP, an access token request on behalf of the first consumer NF;
transmitting the access token request from the SEPP to the 5G NRF that is separate from the SEPP; and
receiving, by the SEPP and from the 5G NRF that is separate from the SEPP and upon successful validation of the access token request by the 5G NRF, an access token response including the first access token; and
using the first access token to enable the first consumer NF to access the service provided by the first producer NF, wherein using the first access token to access the service provided by the first producer NF includes inserting the first access token in the first SBI request and forwarding, by the SEPP, the first SBI request to the first producer NF.
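
The flow recited in claim 1, modelled in Python as an added illustration (it is not code from the patent or from any Oracle product). Assumptions: the class names, the request field names (`grant_type`, `nfInstanceId`, `targetNfInstanceId`, `scope`), the service names and the HMAC-based token format are all constructed for this sketch; the HMAC stands in for whatever signature the NRF actually applies to its tokens.

```python
import base64, hashlib, hmac, json, time

NRF_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the NRF's token signature

def sign(body: bytes) -> str:
    return hmac.new(NRF_KEY, body, hashlib.sha256).hexdigest()

class Nrf:
    """Access token authorization server that also stores producer NF profiles."""
    def __init__(self, profiles):
        self.profiles = profiles  # producer id -> set of service scopes it registered

    def access_token(self, req):
        if (req.get("grant_type") != "client_credentials" or
                req["scope"] not in self.profiles.get(req["targetNfInstanceId"], set())):
            return None  # request fails validation against the producer profile
        claims = {"sub": req["nfInstanceId"], "aud": req["targetNfInstanceId"],
                  "scope": req["scope"], "exp": int(time.time()) + 300}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return {"access_token": body.decode() + "." + sign(body), "token_type": "Bearer"}

class ProducerNf:
    """Producer NF that requires access-token-based authorization."""
    def __init__(self, nf_id):
        self.nf_id = nf_id

    def handle(self, request):
        auth = request["headers"].get("authorization", "")
        body, _, sig = auth.removeprefix("Bearer ").partition(".")
        if not sig or not hmac.compare_digest(sig, sign(body.encode())):
            return 401  # token missing, malformed, or signature mismatch
        claims = json.loads(base64.urlsafe_b64decode(body))
        ok = (claims["aud"] == self.nf_id and claims["scope"] == request["service"]
              and claims["exp"] > time.time())
        return 200 if ok else 403

class Sepp:
    """SEPP acting as access token authorization client proxy."""
    def __init__(self, nrf, producer):
        self.nrf, self.producer = nrf, producer

    def forward(self, consumer_id, request):
        if "authorization" not in request["headers"]:  # consumer sent no token
            resp = self.nrf.access_token({"grant_type": "client_credentials",
                "nfInstanceId": consumer_id, "scope": request["service"],
                "targetNfInstanceId": self.producer.nf_id})
            if resp is None:
                return 403  # NRF rejected the token request: do not forward
            request["headers"]["authorization"] = "Bearer " + resp["access_token"]
        return self.producer.handle(request)
```

In this model the producer still verifies audience, scope and expiry on every request, so the SEPP only supplies the token and does not relax the producer's own check.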