TikTok Auth

Important: TikTok requires HTTPS — it does not work on http://localhost. Use ngrok or a staging environment for testing. TikTok also uses clientKey (not clientId) — this is handled automatically by BetterStarter.

Note: TikTok does not provide email addresses. The user's username is used as a fallback for the email field. The user.info.profile scope is required for this to work.

1. Create a TikTok App

1. Go to the TikTok Developer Portal and click Manage Apps → Create App
2. Fill in the app details
3. Enable a Sandbox environment for testing
4. Under Login Kit, configure your Redirect URI (must be HTTPS):
   • https://yourdomain.com/api/auth/callback/tiktok
5. After saving, copy the Client Key and Client Secret from the app settings

For local development, use a tool like ngrok to expose your local server over HTTPS, then add the ngrok URL as a redirect URI.

2. Set Environment Variables

# .env.local
# Note: TikTok uses TIKTOK_CLIENT_KEY (not CLIENT_ID)
TIKTOK_CLIENT_KEY=your-client-key
TIKTOK_CLIENT_SECRET=your-client-secret

3. Enable in Config

In src/appConfig.ts set:

tiktok: { enabled: true },

4. Test

Deploy to a staging environment with HTTPS and navigate to /auth/sign-in. A Sign in with TikTok button will appear.

Production Checklist

• Request production access for the scopes your app uses in the TikTok Developer Portal
• Add your production redirect URI to the app configuration

Troubleshooting

• redirect_uri_mismatch — TikTok requires the redirect URI to exactly match and be HTTPS
• No email on user — this is expected; TikTok doesn't provide emails. The username is used as a stand-in
• No TikTok button — check TIKTOK_CLIENT_KEY and TIKTOK_CLIENT_SECRET are set and tiktok.enabled is true