Focus on your Service,
We care about authentication!

Context

Decathlon wants to offer a unique experience to each sport user. To do so, we need to know and recognize our sport users: their habits, their wishes, their practices…
We must offer them personalized services. Data is key.
To associate all of a sport user's data with that one user, there must be an identification and a single entry point common to all services:
That's the role of Decathlon Login.
Global Process


Link to the Terms & Services


How to Implement?


Authorization Code Flow

The algorithm returns an authorization code and then retrieves tokens:

  • tokens are returned only through the token interface
  • the recovery of an access token is done in two steps:
    • a code is returned by the authorization interface
    • this code is sent by the client to the token interface
  • applies very well to mobile, web and back-end applications


Most implemented algorithm.
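
The two steps listed above, as an added Python example (not Decathlon Login's own code): it builds the authorization request, then validates the redirect and prepares the request for the token interface. The endpoint, client id, redirect URI and scope are placeholder assumptions, and the `state` check is the standard OAuth 2.0 CSRF protection, which this page does not itself mention.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder values (assumptions, not Decathlon Login's real endpoints or ids).
AUTHORIZE_URL = "https://idp.example/authorize"
CLIENT_ID = "my-client-id"
REDIRECT_URI = "https://app.example/callback"


def build_authorization_request(scope="openid"):
    """Step 1: URL the user is redirected to. Returns (url, state); keep state in the session."""
    state = secrets.token_urlsafe(32)  # unguessable value binding the callback to this session
    query = urlencode({
        "response_type": "code",  # ask the authorization interface for a code, not tokens
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state):
    """Step 2: validate the redirect and build the form body for the token interface."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Check state first: a mismatch means this session did not start the request.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    # The client POSTs this body to the token interface; tokens never travel in the
    # redirect URL. A client holding a secret also authenticates on this request.
    return {
        "grant_type": "authorization_code",
        "code": codes[0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
    }
```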

Implicit Flow

The algorithm directly returns the tokens.

  • tokens are returned directly by the authorization interface
  • there is no notion of Refresh Token
  • long-lived tokens are not allowed

Algorithm for JavaScript applications such as SPAs (Single Page Applications) without a back-end.


Useful Tips!


Refresh your Access Tokens

A Refresh Token is a special kind of token that contains the information required to obtain a new Access Token.

LogOut

Do you want to provide a logout button?

Authentication with API

Why won't we support the Resource Owner Password Credentials Flow?

Terms & Services