From 939907a880f39bf59834be90a4e782707fd5b96b Mon Sep 17 00:00:00 2001 From: ctfang Date: Mon, 26 Feb 2024 10:40:39 +0800 Subject: [PATCH] Guide: Add configuration of OAuth2 --- docs/guide/Configuration.md | 26 +++++++++++++++++++++++++- docs/guide/OAuth2/OAuth2Design.md | 2 +- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/docs/guide/Configuration.md b/docs/guide/Configuration.md index 9ea97193..7514c854 100644 --- a/docs/guide/Configuration.md +++ b/docs/guide/Configuration.md @@ -4,9 +4,18 @@ ## SBI Configuration +### NF IP + There are registerIP and bindingIP design on every NF's sbi interface. -![SBI interface](https://i.imgur.com/IB0cqqP.png) +```yaml +configuration: + sbi: # Service-based interface information + scheme: http # the protocol for sbi (http or https) + registerIPv4: 127.0.0.18 # IP used to register to NRF + bindingIPv4: 127.0.0.18 # IP used to bind the service + port: 8000 # port used to bind the service +``` This is due to some orchestration, such as Kubernetes or OpenStack, has the design of service IP mapping. @@ -16,6 +25,21 @@ Use Kubernetes as an example. K8s has the service type that enable users to defi If you are not sure what IP you should set, just configure it as the same IP address. +### OAuth2 + +- Enable OAuth2 setting in NRF config (nrfcfg.yaml): +```yaml +configuration: + sbi: # Service-based interface information + oauth: true +``` +- Set NRF's certificate path in each NF: +```yaml +configuration: + nrfCertPem: cert/nrf.pem # NRF Certificate +``` +- For more detailed information about OAuth2 in free5GC, please refer to the [Design Document](./OAuth2/OAuth2Design.md). + ## Sample configuration We provide a sample config to connect to outer ran under `/sample/ran_attach_config/`. The architecture is as following. diff --git a/docs/guide/OAuth2/OAuth2Design.md b/docs/guide/OAuth2/OAuth2Design.md index 4674bf75..ee6531e8 100644 --- a/docs/guide/OAuth2/OAuth2Design.md +++ b/docs/guide/OAuth2/OAuth2Design.md 
@@ -87,7 +87,7 @@ We use part of the SMF code, for explanation. - Validating the access token when there is a service request, the NF must use the NRF's public key to ensure security. So, we have to tell the NF the location of the NRF certificate. (We can retrieve the Public key from the certificate). ```yaml configuration: - nrfCertPem: cert/nrf.pem # NRF Certificate + nrfCertPem: cert/nrf.pem # NRF Certificate ``` - We apply ```AuthorizationCheck()``` via ```router.use()```. (Take the Nsmf_pdusession service, for example).
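Review bot: In the first docs/guide/Configuration.md hunk (`### NF IP`), the sample sets `scheme: http` even though this same patch goes on to document enabling OAuth2. With that scheme, the access tokens that NFs present on service requests cross the SBI in cleartext. Consider showing `scheme: https` in the sample, or adding a sentence saying when `http` is acceptable (for example a loopback-only lab setup like the `127.0.0.18` addresses used here). A smaller point in the same hunk: the unchanged sentence above the sample says "registerIP and bindingIP" while the keys shown are `registerIPv4` and `bindingIPv4`; using the key names in the prose would let readers search for them.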
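Review bot: In the second docs/guide/Configuration.md hunk (`### OAuth2`), the two bullets do not say that they belong together or what `nrfCertPem` is used for. The OAuth2Design.md text in this patch explains that an NF validates the access token with the NRF's public key taken from that certificate, so one sentence to that effect here would tell operators why every NF needs the file once `oauth: true` is set on the NRF. It would also help to state what the relative path `cert/nrf.pem` is resolved against, and to name the NF config files the second bullet applies to, as the first bullet does with `nrfcfg.yaml`. On formatting: each yaml fence starts at column 0 directly under its list item, which in many Markdown renderers ends the list; indenting the fences under the bullets keeps the three items as one list.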
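Review bot: In the docs/guide/OAuth2/OAuth2Design.md hunk, the removed and added `nrfCertPem: cert/nrf.pem # NRF Certificate` lines differ only in leading whitespace, and the commit subject does not mention this file. Please confirm that the new indentation places `nrfCertPem` directly under `configuration:`, matching the snippet added to Configuration.md, and mention the fix in the commit message so the change is not mistaken for noise.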