Important
The seamless-backchannel flow is subject to strict governance and will not be granted without justification.
The seamless-backchannel authentication allows a service to get a user token without the user going through the authentication process, i.e. not involving the user to get an access token carrying his/her credentials.
It must be used in very specific cases, usually when asking by mail a user to review a product they bought. If the user has to login manually they might not bother and might not give feedback.
The seamless-backchannel flow is subject to strict governance and will not be granted without justification.
The seamless-backchannel process has two major steps:
This token is a custom JWT containing the following:
Its a usual member access token. It lives 15mn then expires. It represents the credentials of the user.
POST | /connect/token/generator/seamless-backchannel |
Name | Description | Required |
---|---|---|
Authorization | 'Bearer ' + access token from the prerequisites. | Yes |
Content-type | application/json | Yes |
x-api-key | The API key you can find in your Login subscription plan in APIm (Gravitee). The API key is a uuid4. | Yes |
Parameter | Description | Required |
---|---|---|
client_id | The client id of client B. | Yes |
scopes |
A list of scopes to set in the exchangeable token.
If specified, the auto-approved scopes of the client B must contains every scope of this parameter. If not specified, all the auto-approved scopes of the client B are set in the exchangeable token. |
No |
Parameter | Description | Required |
---|---|---|
data | An array of member-ids. The number of member-ids must be between 1 and 10000. | Yes |
curl --request POST --location 'https://api-eu.preprod.decathlon.net/connect/token/generator/seamless-backchannel?client_id=CLIENT_ID&scopes=SCOPES' \
--header 'Authorization: Bearer TOKEN' \
--header 'Content-Type: application/json' \
--header 'x-api-key: API_KEY' \
--data DATA
curl --request POST --location 'https://api-eu.preprod.decathlon.net/connect/token/generator/seamless-backchannel?client_id=dkconnect&scopes=sports%2Ccontacts%2Cphone' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJpZGVudGl0eTpzZWVrIiwibGVnYWwtZW50aXR5IiwiaWRlbnRpdHk6c2VuZGNvZGUiLCJpZGVudGl0eTp3cml0ZSIsInRva2VuLWV4Y2hhbmdlOnNlYW1sZXNzLWJhY2tjaGFubmVsIiwidG9rZW4tZXhjaGFuZ2UiLCJpZGVudGl0eSIsImlkZW50aXR5OnNlYXJjaCIsImVtYWlsIiwiaWRlbnRpdHk6Y3JlYXRlIiwiZW1haWw6d3JpdGUiLCJzcG9ydHMiLCJvcGVuaWQiLCJpZGVudGlmaWVycyIsInByb2ZpbGUiLCJpZGVudGl0eTpzaWduaW4iLCJ0b2tlbi1nZW5lcmF0b3I6c2VhbWxlc3MtYmFja2NoYW5uZWwiLCJwcm9maWxlOndyaXRlIiwiaWRlbnRpdHk6dmFsaWRhdGUiLCJhY2NvdW50OnBhc3N3b3JkIiwicGhvbmUiLCJwZXJzb24iLCJzcG9ydHM6d3JpdGUiLCJjb250YWN0cyIsImNvbnRhY3RzOndyaXRlIiwiaWRlbnRpdHk6bG9naW4iXSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5OTk5IiwiZXhwIjoxNjc2NDUwNzgyLCJpYXQiOjE2NzY0NDk4ODIsImp0aSI6ImtMb1M3YWxZVExZaERXNW4ybnVqV3RVenY3SSIsImNsaWVudF9pZCI6ImRrY29ubmVjdCJ9.UxZsIIxHk7tXCFWYGA8DlhdtIwl_hIiGRMGi1Yb4-zoVRII4CrEDAY0kmnoEQ_RW-_7TMc5EZqPm7sESgEhmR2cv4AskeRuvTIrlv6vPf5d_JdPRpDjRQfYNg2ui5swuTeipLuS6qkx3o3VBmcOF77ELI2KZoHw24_Rfqva6PlMsBuEWHF1lebmOGyLpUlmFpENjgqZykvHNtC9xt6tn2f2_T9TmfqW14alpeHL6CQp14Agyldh1I-LQpGEq3K6eF91KoJjSrIdP37lDQOPBFfTtaz09SksqJlXRQGcSuBwVtxzuqdtvZuvTMAX3IuIMciOxntrL0Yo40ieigG0U6w' \
--header 'Content-Type: application/json' \
--header 'x-api-key: 3e91a0af-0029-4a9b-b2f8-05713e997fdb' \
--data '[
"7233cd9b-6557-4edb-8f3b-a6ff08a60402",
"dfa16f9e-7d9b-4243-acd5-7d64b9a1add3"
]'
In response you will get a JSON object who is a map of member-id: exchangeable token
{
"7233cd9b-6557-4edb-8f3b-a6ff08a60402": "eyJraWQiOiJtYWluIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiI3MjMzY2Q5Yi02NTU3LTRlZGItOGYzYi1hNmZmMDhhNjA0MDIiLCJzY29wZSI6WyJzcG9ydHMiLCJjb250YWN0cyIsInBob25lIl0sImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTk5OSIsImV4cCI6MTY3NjQ4NTA3OCwiaWF0IjoxNjc2NDg0MTc4LCJqdGkiOiJjYzFlYzljNC1jNTM0LTQ0MWItOGM2OS0zYTJhNzg2ZTFjNTUiLCJjbGllbnRfaWQiOiJka2Nvbm5lY3QifQ.lxJc7_aKuFqZAidj5E2ryMjw2yv4hNWSjPB5G2M4xxk48-NNTbDisBzbnffol5I3D7FrpgtB8E-4Cp6twl698XqkCCsIP_ncAF_8c8lU3dZqEluHPwu57CwhRVeoYv7D0aNhD91HqqJZGgJmZifEMQAIbHFvahuKFzrfg5Dq3vvzg7yJWHbD82W7M1IitWyeOtKtZGsnPkBcAtUxM6UpTzvdmtx1EIuAZWI1EP9otYdEiVoqu0B8M2UNDEhuDYyNBfKlga4zN7bkyvCSClfMv1g3xnQdgtRNs_nGNrlYRei85fomtPZJrtVvqDyH6YCGdoWeT-48MYTX2vLCCfv94A",
"dfa16f9e-7d9b-4243-acd5-7d64b9a1add3": "eyJraWQiOiJtYWluIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJkZmExNmY5ZS03ZDliLTQyNDMtYWNkNS03ZDY0YjlhMWFkZDMiLCJzY29wZSI6WyJzcG9ydHMiLCJjb250YWN0cyIsInBob25lIl0sImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTk5OSIsImV4cCI6MTY3NjQ4NTA3OCwiaWF0IjoxNjc2NDg0MTc4LCJqdGkiOiIzZTI0ZTcyYy04MDBlLTQxODEtOWUxYy03OTEyM2U5NDc1ZWYiLCJjbGllbnRfaWQiOiJka2Nvbm5lY3QifQ.VFuJTJo_gIlEX55kSz7Za-nZmXHT7knHUfiBA8mMDw8ywj9pgfHj99L9ayujEk9O70JUJgVJOUgwaGsSoZeM4zTr0VbXpJ02m6wzeSy6M8aGXXbIV75TwwT-BSsZokeauL6wyHu9S94YWFM3tpMNA7sPzmAYkzBdTuzmkeGZejf2KgxOMXgUJ5PsDSlGDXc7MsXo8TzSVyechNgABqxbzv0qhkLVeSyv16_rTNl58Qh5OOCnEWQwjZdV2bGO-IyvQS_a9an6BuCaZ3tu8ihdZnk-2Pcgkae-hYcvBUXfN1gaH_JOWY2rOo2QK4en96mjMbthJOkTBrYBnLS_p-CjCg"
}
POST | /connect/token/exchange |
Name | Description | Required |
---|---|---|
Authorization |
Two choices:
|
Yes |
Content-Type | application/x-www-form-urlencoded | Yes |
Parameter | Description | Required |
---|---|---|
grant_type | urn:ietf:params:oauth:grant-type:token-exchange | Yes |
exchange_type | urn:decathlon:params:oauth:exchange-type:seamless-backchannel-exchange | Yes |
subject_token_type | urn:ietf:params:oauth:token-type:jwt | Yes |
subject_token | The exchangeable token obtained in step 1. | Yes |
requested_token_type | urn:ietf:params:oauth:token-type:access_token | Yes |
curl --location --request POST 'http://LOGIN_DOMAIN/connect/token/exchange' \
--header 'Authorization: Basic BASE64_AUTH' --header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:jwt' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'exchange_type=urn:decathlon:params:oauth:exchange-type:seamless-backchannel-exchange' \
--data-urlencode 'subject_token=SUBJECT_TOKEN' \
--data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token'
curl --location --request POST 'https://api-global.preprod.decathlon.net/connect/token/exchange' \
--header 'Authorization: Basic Y2xpZW50OnNlY3JldA==' --header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:jwt' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \
--data-urlencode 'exchange_type=urn:decathlon:params:oauth:exchange-type:seamless-backchannel-exchange' \
--data-urlencode 'subject_token=eyJraWQiOiJnZW5lcmF0b3IiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI3MjMzY2Q5Yi02NTU3LTRlZGItOGYzYi1hNmZmMDhhNjA0MDIiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvdG9rZW4vZXhjaGFuZ2UiLCJzY29wZSI6WyJzcG9ydHMiLCJjb250YWN0cyIsInBob25lIl0sImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTk5OSIsImV4cCI6MTY3NjkxMjczMiwiaWF0IjoxNjc2OTExODMyLCJqdGkiOiJmZGFlMjk4YS0wMWJjLTQ1ZTItYTUxYS02MTFiZmNmMTIzZTEiLCJjbGllbnRfaWQiOiJka2Nvbm5lY3QifQ.k_DQ4a5Dx-nqj0chjA1ouiYjGmBBwpHBFgBLGbYdbV8ma4xuU7YmcNnr3nQ448g2nJvr-VYchX7ZzM0ACMjVxSP3-LzWNF-MzxqV4nzoBnk-uW4T4mxETxXurco3BYlEYfllpNqk7xXxizLWQgMZupE6xFmAnOG7gbSVA4tGBDRuDNR1l19xVdBFwAxjXudhgPkvM7dbthrooQ_pxBEgObHoAw3aK2fY9k94hG5-ruk3Ngu303HUcPcH5cVAeqTXaZ-5cVpmA4gJjYNfdBMohswXpLMS_kZ51RDD6_yOIzk8u6mrglxYpFf6kXAVz1KCcjIgIcxi8p3U8QQyiQQF7Q' \
--data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token'