TikTok Auth Mobile
TikTok Auth Mobile helps you to create TikTok authentication for your Android and iOS users.
Strapi plugin TikTok Auth Mobile
TikTok Auth Mobile helps you to create TikTok authentication for your Android and iOS users.
It uses the official TikTok API get-user-info to get the user profile and create a Strapi user based on that information.
NOTE: Since an email is required to create a user in Strapi, this plugin creates a pseudo-email like ${user.union_id}@tiktok.com
for users who logged in/registered using this plugin.
How it works
TikTok Authentication happens on the device via the Continue with TikTok
button and then the client application should send code
to the server. The server will retrieve access_token
for the user with code from Tiktok API and send redirect to universal link that is associated with your app, passing the access-token
in query parameters. And then the client application should send access_token
to the server.
Because TikTok does not expose a publicly available JWKS (JSON Web Key Set) URL in the same way that authentication providers like Google or Apple do, this plugin is not able to validate received token. Instead of token validation plugin uses this token to fetch user info from TikTok official API get-user-info.
If TikTok API returns a user user for provided access_token
, then a Strapi user will be created.
If the user is already in the database, an authenticated session for the user is established.
More info can be found here: https://developers.tiktok.com/doc/login-kit-manage-user-access-tokens/
Features
- Ability to authenticate users via mobile devices using TikTok API
- JWT Authentication for users using Strapi default user-permission collection
- Secure
Activate the Plugin
Add the following in config/plugins.js
of you Strapi application:
1module.exports = {
2 'tiktok-auth-mobile': {
3 enabled: true
4 },
5};
Configuration
https://developers.tiktok.com/doc/getting-started-create-an-app
Create a TikTok app from the TikTok developers portal.
Select Platforms: Android and iOS or Web, configure required options for both platforms
Add
Login Kit
Product and set Redirect URI for all your platforms. Redirect URI is the link e.g. https://api.example.com/api/tiktok-auth-mobile/callback, where api.example.com is the domain where your strapi app is deployed, and /api/tiktok-auth-mobile/callback - is the path to endpoint in the plugin that will handle obtaining tiktok access_token from it's API.Add
user.info.profile
into Scopes (it also should containuser.info.profile
).If you are using sandbox mode, then add a TikTok user account into Sandbox settings -> Target Users (https://developers.tiktok.com/doc/add-a-sandbox).
In your strapi .env file make sure to add variables from .env.example:
# your TikTok Developer App key and secret https://developers.tiktok.com/apps
CLIENT_KEY="your-key"
CLIENT_SECRET="your-secret"
# url that will receive access token on client
# where example.com - is the associated domain for your app
# and /redirect is a specific path that will handle sending access_token to the server to authenticate
REDIRECT_APP_URL="https://example.com/redirect"
# your strapi server url
STRAPI_URL="https://api.example.com"
How to use
Obtain the authorization code in your app
Here you can find instructions for your platform: https://developers.tiktok.com/doc/login-kit-overview
Fetch an access token using an authorization code
After obtaining the authorization code it will redirect to https://api.example.com/api/tiktok-auth-mobile/callback, providing scopes, state, code to the callback endpoint, so it will use them to get the access token from https://open.tiktokapis.com/v2/oauth/token/ OAuth endpoint. Do not forget to set your env variables (CLIENT_KEY, CLIENT_SECRET, REDIRECT_APP_URL, STRAPI_URL), otherwise the plugin will not work and demand you to set them. The Client Key and Client Secret can be obtained when setting your TikTok Developer App. The STRAPI_URL is the domain where your Strapi app is deployed (localhost is not accepted). And REDIRECT_APP_URL is the universal link for handling access_token, that your app can open.
After obtaining the access_token it will send it in the query parameter access_token back to your app, and your app will be able to open the link https://example.com/redirect?access_token=***.
https://developers.tiktok.com/doc/oauth-user-access-token-management
If there was an error during obtaining token, it will redirect to your app with parameter error, which will contain error description.
https://example.com/redirect?error=***
You can handle this in your app, show it to the user, allow them to try again.
Authenticate User
The client retrieves a TikTok access_token
via the universal link https://example.com/redirect?access_token=***.
Send the user's access_token
to your server using HTTPS.
Then, on the server, we fetch the user profile information and use this information to establish a session (issue a JWT) or create a new account.
In this example https://api.example.com - is the url for your strapi server.
1 {
2 method: 'POST',
3 path: 'https://api.example.com/api/tiktok-auth-mobile/connect',
4 data: {
5 access_token: TOKEN
6 }
7 }
The example response:
1{
2 "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6NCwiaWF0IjoxNzUzMDc5Njk2LCJleHAiOjE3NTU2NzE2OTZ9.KhfAmvlGnx_ghWRBzKvvBn70gdpfgeG-bHMFe1XsLik",
3 "user": {
4 "id": 4,
5 "documentId": "z6249d07b3m9oexz7f9u0ntd",
6 "username": "user1262767453070",
7 "email": "0cc3832e-4f61-5958-89b5-8bb8ae9b6225@tiktok.com",
8 "provider": "tiktok",
9 "confirmed": true,
10 "blocked": false,
11 "createdAt": "2025-07-21T06:34:56.292Z",
12 "updatedAt": "2025-07-21T06:34:56.292Z",
13 "publishedAt": "2025-07-21T06:34:56.293Z"
14 }
15}
If the TikTok user does not exist, an error will be returned:
1{
2 "data": null,
3 "error": {
4 "status": 400,
5 "name": "ApplicationError",
6 "message": "User does not exist.",
7 "details": {}
8 }
9}
If the TikTok API rejects the access_token
, an error will be returned:
1{
2 "data": null,
3 "error": {
4 "status": 400,
5 "name": "ApplicationError",
6 "message": "Failed to fetch TikTok user: Request failed with status code 401",
7 "details": {}
8 }
9}
If the TikTok API returns some error, an error will be returned: See: https://developers.tiktok.com/doc/tiktok-api-v2-get-user-info#response (error: Error Object)
1{
2 "data": null,
3 "error": {
4 "status": 400,
5 "name": "ApplicationError",
6 "message": "Some error description from TikTok API",
7 "details": {}
8 }
9}
Report Bugs/Issues
Any bugs/issues you may face can be submitted as issues in the Github repo.
Install now
npm install strapi-plugin-tiktok-auth-mobile
Create your own plugin
Check out the available plugin resources that will help you to develop your plugin or provider and get it listed on the marketplace.