TikTok Login Kit: Illegal redirect link

I am having a look at the new TikTok Login Kit for Web and am stuck on the redirect step.

Similarly to all OAuth-based services out there, when you register your app, they should ask for valid redirect URLs. In the case of TikTok, they ask for redirect domains, as shown below:


Then, based on their official documentation, you just need to call

https://open-api.tiktok.com/platform/oauth/connect/?client_key=client_key&response_type=code&scope=user.info.basic&redirect_uri=redirect_uri&state=state

I get to the TikTok authorization page, confirm, then instead of being redirected to https://testing.mydomain.com/signup/tiktok I receive the following error:

{"data":{"captcha":"","desc_url":"","description":"Illegal redirect link","error_code":10006},"message":"error"}

Tested multiple times, also adding a final slash to the redirect URL (https://testing.mydomain.com/signup/tiktok/) in case it was a requirement, but always get the same error.

Also tried with the production domain in case they check if the domain can be reached from the public network.



Solution 1:[1]

After researching this for a couple of hours and trying Andrea's workaround, it just seems that TikTok fixed their issues and now it works as expected. So, for anyone searching for a solution to this issue, I managed to get it working with the following values:

Callback URL: https://example.com/auth

Redirect domain: example.com, dev.example.com

Solution 2:[2]

Turns out "Redirect Domain" actually means "Redirect URL". If you add the full URL of the redirect (in my case https://testing.mydomain.com/signup/tiktok/) it'll work.

It's probably just a labelling issue... it's a full URL, not just the domain.

Update: Please refer to @mariussabo's new answer as this has been fixed.

Solution 3:[3]

Ran into this question as well while I was filling out the TikTok developer application form. For anyone else that has the same question, it seems like the redirect domains field should be any redirect domains that your app will use. So for example, prod.example.com and dev.example.com would both be fine to include there. However, Callback URL is actually meant to be your webhook endpoint, so it should be something like https://dev.example.com/webhook-endpoint.

Reference: https://developers.tiktok.com/doc/webhooks-overview.
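
An added example (not from any of the answers or from TikTok's documentation): a local pre-flight check that compares a redirect_uri against the registered entries under both readings discussed above, bare domain and full URL, then builds the authorization request from the question with percent-encoded parameters and a random state. The matching rules, the https-only requirement and the function names are assumptions; TikTok's server-side check is authoritative.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Endpoint path as quoted in the question.
AUTHORIZE_ENDPOINT = "https://open-api.tiktok.com/platform/oauth/connect/"


def redirect_matches(redirect_uri, registered):
    """Return "url", "domain" or None for how redirect_uri matches an entry.

    Assumed rules: https only; a domain entry must equal the host exactly
    (no substring or suffix match); a URL entry must equal the full URL,
    ignoring a trailing slash.
    """
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or not parts.hostname:
        return None
    host = parts.hostname.lower()
    normalized = redirect_uri.rstrip("/")
    for entry in registered:
        entry = entry.strip()
        if "://" in entry:
            if entry.rstrip("/") == normalized:
                return "url"
        elif entry.lower() == host:
            return "domain"
    return None


def build_authorize_url(client_key, redirect_uri, registered,
                        scope="user.info.basic"):
    """Build the authorization URL and return it with the state value."""
    if redirect_matches(redirect_uri, registered) is None:
        raise ValueError(f"redirect_uri not registered: {redirect_uri}")
    # Keep state in the user's session and compare it on the callback.
    state = secrets.token_urlsafe(16)
    query = urlencode({
        "client_key": client_key,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": redirect_uri,  # urlencode percent-encodes ":" and "/"
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state
```
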

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 mariussabo
Solution 2
Solution 3 Beverly