Oauth: problem of getting access token from TikTok

Question

We are implementing "Log in with Tiktok" on our website. We are able to redirect users to Tiktok and get user initial authorization according to the instructions on this link:

https://developers.tiktok.com/doc/login-kit-web/

However, when we follow the instructions on this TikTok page to get access token

https://developers.tiktok.com/doc/login-kit-manage-user-access-tokens

we always get this error:

{"data":{"captcha":"","desc_url":"","description":"Enter the correct parameter","error_code":10002},"message":"error"}

We are using Java and this is our code:

        URIBuilder builder = new URIBuilder("https://open-api.tiktok.com/oauth/access_token/");         
        HttpPost post = new HttpPost(builder.build()); 
        post.setHeader("code", code);
        post.setHeader("grant_type", "authorization_code");         
        post.setHeader("client_key", "client key goes here"));
        post.setHeader("client_secret", "client secret goes here");
        CloseableHttpClient httpclient = HttpClients.createDefault();
        HttpResponse httpResponse = httpclient.execute(post);

We found this related link at SO

TikTok Oauth - Parameter error (Login kit)

but have no idea of how to do it in Java. Anybody knows the correct way to obtain access token from TikTok in Java?

score 1 · Answer 1 · answered Jun 20 '23 at 15:53

I don't understand a lot of Java, but I think the first issue you have is because you're setting in the header:

   post.setHeader("code", code);

Instead, you should be setting them in the request body params.

But also, your endpoint is not deprecated. TikTok updated the endpoints for authorization. The new endpoint to retrieve the access token is:

https://open.tiktokapis.com/v2/oauth/token/

they also added an extra param beside the ones you have and so you also have to set the redirect_uri in the body params.

Reference: https://developers.tiktok.com/doc/oauth-user-access-token-management

score 1 · Answer 2 · answered Jun 23 '23 at 06:55

As answered by Karine, you are firstly setting the parameters in headers like this :

post.setHeader("code", code);
post.setHeader("grant_type", "authorization_code");         
post.setHeader("client_key", "client key goes here"));
post.setHeader("client_secret", "client secret goes here");

Instead, you should set them as x-www-form-urlencoded request body.

Also, note that the API has been changed by TikTok which is POST https://open.tiktokapis.com/v2/oauth/token/

// updated URL
URIBuilder builder = new URIBuilder("https://open.tiktokapis.com/v2/oauth/token/");         
HttpPost post = new HttpPost(builder.build());

// create list for form parameters
List<NameValuePair> urlParameters = new ArrayList<>();

// add form data
urlParameters.add(new BasicNameValuePair("code", code);
urlParameters.add(new BasicNameValuePair("grant_type", "authorization_code");
urlParameters.add(new BasicNameValuePair("client_key", "client key goes here");
urlParameters.add(new BasicNameValuePair("client_secret", "client secret goes here");
urlParameters.add(new BasicNameValuePair("redirect_uri", "client key goes here");

// set form data in HttpPost
post.setEntity(new UrlEncodedFormEntity(urlParameters));

// set Content-Type header as "application/x-www-form-urlencoded"
post.setHeader("Content-Type", "application/x-www-form-urlencoded");
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpResponse httpResponse = httpclient.execute(post);

Feel free to correct me if I am wrong somewhere.

Oauth: problem of getting access token from TikTok

2 Answers2