Also known as machine to machine, this flow allow an application to authenticate itself as an application.

You need to have a client-id with the client-credentials grant type authorized.

If you have not already done so, request for your application creation.

Only one step for this flow, to retrieve an access token you have to make POST request with your CLIENT_ID and CLIENT_SECRET :

curl --location 'http://api-eu.preprod.decathlon.net/connect/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--form 'grant_type="client_credentials"' \
--form 'client_id="clientid"' \
--form 'client_secret="clientsecret"'
                                                    
                                                

That will return the following response (elements in square brackets are Placeholders) :

{
    "access_token": "[JWT]",
    "token_type": "bearer",
    "expires_in": 899,
    "scope": "[SCOPES]",
    "jti": "[TOKEN IDENTIFIER]"
}
                                                
                                            

Response example with values :

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJwcm9maWxlOndyaXRlIiwiZW1haWw6d3JpdGUiLCJzcG9ydHMiLCJvcGVuaWQiLCJwcm9maWxlIiwic3BvcnRzOndyaXRlIiwiZW1haWwiXSwiaXNzIjoiaHR0cHM6Ly9hcGktZXUucHJlcHJvZC5kZWNhdGhsb24ubmV0L2Nvbm5lY3QiLCJleHAiOjE2Mjc1NDYwODQsImlhdCI6MTYyNzU0NTE4NCwianRpIjoiM2NheDJkZlk0dnF0NUlTM3VIU3l1T1RTMTlBIiwiY2xpZW50X2lkIjoiMDk5ZDIzMDUtM2NkMi00YjE1LThlNTctMTc3NDdiZjJjMGEyIn0.TVKxvx8bNbfnJaqiyBZrpdE_F4mjdxV3bNkq3aTrUoZGQk1sjrCgZkobETnNwrcBp5iH0DWK05qJeO2SakeeV87dleNbhXuEdKiFe91rdTs0Nm-EEiieS552FIucZE6eO44wy0CvnsMPgAi2NsEp_-1X24gW2Cpzvvjs8ZH9y5W3eTac2EgUUeONwc2v_IQ56SlOgKIuqCd8S1Ni-homoBucofVGPmdfxw2-VCqgkWx0sEEZruuxV6nIag6M8-AK633EMJBmcR67VYfpV1N02zZNJkJ2QUHfV-JFRiMXHx-IMbCdQKxlRW5zlXfmM_2hNGKo7P_cE6X7ETJBB8AxdA",
    "token_type": "bearer",
    "expires_in": 899,
    "scope": "profile:write email:write sports openid profile sports:write email",
    "jti": "3cax2dfY4vqt5IS3uHSyuOTS19A"
}