TikTok OAuth Provider

Descope allows you to create custom Social Login (OAuth) providers within the Authentication Methods page. This allows you to add any Social OAuth authentication within your application. This guide specifically covers the step by step configuration of a custom TikTok OAuth provider.

Creating the TikTok Application

Before creating the custom OAuth provider within the Descope console, you must create and configure an application within your TikTok developer account. You can follow the TikTok App Guide for details on creating your application.

When you create your app within TikTok, you must configure the redirect URI. Set the redirect URI to be https://<your-base-url>/v1/oauth/callback. You can find your project's base url in our Multi-Region Support Guide.

Creating Descope Custom Provider

You can configure a custom provider in the Descope Console. Under Authentication Methods -> Social Login, select + Add custom provider in the top right corner. You can then set the name (in this case, "TikTok"), logo, and description for your custom provider.

Create custom provider

Configure Account Settings

Within the account settings section of your provider, you will configure the following items:

  • Client ID: This is the Client Key of the application created within TikTok. TikTok uses a non standard format, so will need to use custom parameter keys in the connection settings.
  • Client Secret: This is the Client Secret of the application created within TikTok
  • Scopes: These are the configured scopes granted to Descope for the user within TikTok. Scopes provides users using third-party apps the confidence that only the information they choose to share will be shared. The minimum needed scope for Descope to be able to capture the user's email and basic account details from TikTok is user.info.basic.

Custom TikTok OAuth provider account settings configured within Descope

Configure Connection Settings

Within the account settings section of your provider, you will configure the following items:

  • Authorization Endpoint: The endpoint to request authorization from the user. For TikTok, this endpoint is https://www.tiktok.com/v2/auth/authorize/.
  • Add an authorization parameter key client_key and paste the value from the account setting's Client Key.
  • Token Endpoint: The endpoint to exchange the authorization code for an access token. For TikTok this endpoint is https://open.tiktokapis.com/v2/oauth/token/.
  • Add a token parameter key client_key and paste the value from the account setting's Client Key.
  • User Info Endpoint: The endpoint to get user details for attribute mapping. For TikTok, this endpoint is https://open.tiktokapis.com/v2/user/info/?fields=union_id,display_name,avatar_url. To query more fields, append the field name to this url. Read more about scopes and fields.

Custom TikTok OAuth provider connection settings configured within Descope

Configure User Attribute Mapping

Given the user.info.basic scope, Descope can capture any items from the user info endpoint response. Per the below example, we have mapped the following:

  • data.user.union_id -> Login ID (mandatory)
  • data.user.display_name -> Display Name (optional)
  • data.user.avatar_url -> Picture (optional)

Custom TikTok OAuth provider user attribute mapping configured within Descope

For more OAuth provider settings information, check out the OAuth Settings Guide. To add TikTok Social Login to your flow, check out our Social Login In Flows Guide.

Was this helpful?

On this page