TS29509_Nausf_UEAuthentication.yaml

openapi: 3.0.0
info:
  version: 1.0.1
  title: AUSF API
  description: OpenAPI specification for AUSF
servers:
  - url: '{apiRoot}/nausf-auth/v1'
    variables:
      apiRoot:
        default: https://example.com
        description: apiRoot as defined in subclause subclause 4.4 of 3GPP TS 29.501.

security:
  - {}
  - oAuth2ClientCredentials:
      - nausf-auth
paths:
  /ue-authentications:
    post:
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthenticationInfo'
        required: true
      responses:
        '201':
          description: UEAuthenticationCtx
          content:
            application/3gppHal+json:
              schema:
                $ref: '#/components/schemas/UEAuthenticationCtx'
          headers:
            Location:
              description: 'Contains the URI of the newly created resource according to the structure: {apiRoot}/nausf-auth/v1/ue-authentications/{authCtxId}'
              required: true
              schema:
                type: string

        '400':
          description: Bad Request from the AMF
          content:
            application/problem+json:
              schema:
                $ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
        '403':
          description: Forbidden due to serving network not authorized
          content:
            application/problem+json:
              schema:
                $ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
        '500':
          description: Internal Server Error
          content:
            application/problem+json:
              schema:
                $ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
  /ue-authentications/{authCtxId}/5g-aka-confirmation:
    put:
      parameters:
        - name: authCtxId
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ConfirmationData'
      responses:
        '200':
          description: Request processed (EAP success or Failure)
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ConfirmationDataResponse'
                
        '400':
          description: Bad Request
          content:
            application/problem+json:
              schema:
                $ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
        '500':
          description: Internal Server Error
          content:
            application/problem+json:
              schema:
                $ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
  /ue-authentications/{authCtxId}/eap-session:
    post:
      operationId: EapAuthMethod
      parameters:
        - name: authCtxId
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EapSession'
      responses:
        '200':
          description: Use to handle or close the EAP session
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EapSession'
                
            application/3gppHal+json:
              schema:
                type: object
                properties:
                  eapPayload:
                    $ref: '#/components/schemas/EapPayload'
                  _links:
                    type: object
                    description: 'URI : /{eapSessionUri}'
                    additionalProperties:
                      $ref: 'TS29571_CommonData.yaml#/components/schemas/LinksValueSchema'
                    minProperties: 1
                required:
                  - eapPayload
                  - _links
        '400':
          description: Bad Request
          content:
            application/problem+json:
              schema:
                $ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
        '500':
          description: Internal Server Error
          content:
            application/problem+json:
              schema:
                $ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
components:
  securitySchemes:
    oAuth2ClientCredentials:
      type: oauth2
      flows: 
        clientCredentials: 
          tokenUrl: '{nrfApiRoot}/oauth2/token'
          scopes:
            nausf-auth: Access to Nausf_UEAuthentication API
  schemas:
    AuthenticationInfo:
      type: object
      properties:
        supiOrSuci:
          $ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/SupiOrSuci'
        servingNetworkName:
          $ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/ServingNetworkName'
        resynchronizationInfo:
          $ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/ResynchronizationInfo'
        traceData:
          $ref: 'TS29571_CommonData.yaml#/components/schemas/TraceData'
      required:
        - supiOrSuci
        - servingNetworkName
    UEAuthenticationCtx:
      type: object
      properties:
        authType:
          $ref: '#/components/schemas/AuthType'
        5gAuthData:
          oneOf:
            - $ref: '#/components/schemas/Av5gAka'
            - $ref: '#/components/schemas/EapPayload'
        _links:
          type: object
          additionalProperties:
            $ref: 'TS29571_CommonData.yaml#/components/schemas/LinksValueSchema'
        servingNetworkName:
          $ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/ServingNetworkName'
      required:
        - authType
        - 5gAuthData
        - _links
    
    Av5gAka:
      type: object
      required:
        - rand
        - hxresStar
        - autn
      properties:
        rand:
          $ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/Rand'
        hxresStar:
          $ref: '#/components/schemas/HxresStar'
        autn:
          $ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/Autn'
    ConfirmationData:
      type: object
      required:
        - resStar
      properties:
        resStar:
          $ref: '#/components/schemas/ResStar'
    ConfirmationDataResponse:
      type: object
      properties:
        authResult:
          $ref: '#/components/schemas/AuthResult'
        supi:
          $ref: 'TS29571_CommonData.yaml#/components/schemas/Supi'
        kseaf:
          $ref: '#/components/schemas/Kseaf'

      required:
        - authResult
    EapSession:
      type: object
      properties:
        eapPayload:
          $ref: '#/components/schemas/EapPayload'
        kSeaf:
          $ref: '#/components/schemas/Kseaf'
        _links:
          type: object
          additionalProperties:
            $ref: 'TS29571_CommonData.yaml#/components/schemas/LinksValueSchema'
        authResult:
          $ref: '#/components/schemas/AuthResult'
        supi:
          $ref: 'TS29571_CommonData.yaml#/components/schemas/Supi'
      required:
        - eapPayload

    AuthResult:
      type: string
      enum:
        - AUTHENTICATION_SUCCESS
        - AUTHENTICATION_FAILURE
        - AUTHENTICATION_ONGOING
    EapPayload:
      type: string
      format: base64
      description: contains an EAP packet
    Kseaf:
      type: string
      pattern: '[A-Fa-f0-9]{64}'
    ResStar:
      type: string
      pattern: '[A-Fa-f0-9]{32}'
      nullable: true
    HxresStar:
      type: string
      pattern: "[A-Fa-f0-9]{32}"
    AuthType:
      anyOf:
        - type: string
          enum:
            - 5G_AKA
            - EAP_AKA_PRIME
            - EAP_TLS
        - type: string
externalDocs:
  description: 3GPP TS 29.509 V15.3.0; 5G System; 3GPP TS Authentication Server services.
  url: http://www.3gpp.org/ftp/Specs/archive/29_series/29.509