Login Kit for Android

Overview

This guide details how to enable authentication from your Android app to TikTok. After successfully completing authentication with TikTok, users will be able to access basic user data (display name and avatar). Additional permissions will require approval from the developer portal.

Prerequisites

Please obtain a client key and secret from the developer portal on https://developers.tiktok.com under "My apps". Please start with the steps in the Quickstart Guide.

Obtain MD5 Hex Digest for Developer Portal Application

When registering your Android application on the Developer Portal, you'll be asked to submit a signing key for your Android app. That signing key is the MD5 hex digest of the signature of your installed release application. It looks similar to: 114326e82c81e639a52e5c023100f12a.

There are 2 methods for obtaining the signature of the Android installation package.

  1. Obtain it in code. You need to know the package name of the installation package.
PackageManager manager = getPackageManager();
/** Get the package information of the specified package name including the signature through the package manager **/
PackageInfo packageInfo = null;
try {
    packageInfo = manager.getPackageInfo("your package name", PackageManager.GET_SIGNATURES);
} catch (PackageManager.NameNotFoundException e) {
    e.printStackTrace();
}

/** Get the signature array through the returned package information; packageInfo stays null if the package was not found **/
String ss = null;
if (packageInfo != null && packageInfo.signatures != null && packageInfo.signatures.length > 0) {
    ss = MD5.hexdigest(packageInfo.signatures[0].toByteArray());
}
if (ss != null) {
    Toast.makeText(this, "signature" + ss, Toast.LENGTH_LONG).show();
} else {
    Toast.makeText(this, "No signature", Toast.LENGTH_LONG).show();
}

/** Create an MD5 tool class (requires: import java.security.MessageDigest;) **/
public class MD5 {
    private static final char[] hexDigits = { 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 97, 98, 99, 100, 101, 102 };

    public static String hexdigest(String paramString) {
        try {
            String str = hexdigest(paramString.getBytes());
            return str;
        } catch (Exception localException) {
        }
        return null;
    }

    public static String hexdigest(byte[] paramArrayOfByte) {
        try {
            MessageDigest localMessageDigest = MessageDigest.getInstance("MD5");
            localMessageDigest.update(paramArrayOfByte);
            byte[] arrayOfByte = localMessageDigest.digest();
            char[] arrayOfChar = new char[32];
            int i = 0;
            int j = 0;
            while (true) {
                if (i >= 16)
                    return new String(arrayOfChar);
                int k = arrayOfByte[i];
                int m = j + 1;
                arrayOfChar[j] = hexDigits[(0xF & k >>> 4)];
                j = m + 1;
                arrayOfChar[m] = hexDigits[(k & 0xF)];
                i++;
            }
        } catch (Exception localException) {
        }
        return null;
    }
}
  2. In a terminal, change to the directory where the *.jks file is located, then run:
keytool -list -v -keystore [xxx] -keypass [xxx]

Take the MD5 value from the output and remove the ":" characters to obtain the 32-character signature we need.

Android Integration

1 Authorization Request

  1. Create TiktokOpenApi to send an auth request.
  2. Create an Authorization.Request instance and set the required parameters: request.scope = user.info.basic (you can also pass optional scopes here as a comma-separated list if you are approved for those permissions) and request.state = "xxx" (used to maintain the status of your request and callback; check that the state param returned in the callback matches what you sent earlier).
  3. Call the authorize() method on TiktokOpenApi.
// 1. Create TiktokOpenApi
TiktokOpenApi tiktokOpenApi = TikTokOpenApiFactory.create(this);

// 2. Create Authorization.Request instance
Authorization.Request request = new Authorization.Request();
request.scope = "user.info.basic";
request.state = "xxx"; // compared against the state returned in the callback

// 3. Start Authorization
tiktokOpenApi.authorize(request);

After a successful authorization, the user will be brought back to your app via the TikTokEntryActivity.

2 Receive Callbacks

We provide two ways for you to receive the callback data from TikTok.

  1. Create a new activity named "TikTokEntryActivity" in your app and implement the TikTokApiEventHandler interface.

Note: The path of the activity should be your "package name" + .tiktokapi.TikTokEntryActivity. For example, "com.tiktok.opensdk.tiktokapi.TikTokEntryActivity".

The following example shows how to use the TikTokEntryActivity to receive the callback data.

// Activities must be public so that Android can instantiate them
public class TikTokEntryActivity extends Activity implements IApiEventHandler {

   TiktokOpenApi ttOpenApi;
   @Override
   public void onCreate(@Nullable Bundle savedInstanceState) {
       super.onCreate(savedInstanceState);
       ttOpenApi= TikTokOpenApiFactory.create(this);
       ttOpenApi.handleIntent(getIntent(),this); // receive and parse callback
   }
   @Override
   public void onReq(BaseReq req) {
   }
   @Override
   public void onResp(BaseResp resp) {
       if (resp instanceof Authorization.Response)  {
          Authorization.Response response = (Authorization.Response) resp;
          Toast.makeText(this, " code:" + response.errorCode + " errorMessage:" + response.errorMsg, Toast.LENGTH_SHORT).show();
      }
   }
   @Override
   public void onErrorIntent(@Nullable Intent intent) {
       Toast.makeText(this, "Intent Error", Toast.LENGTH_LONG).show();
   }
}
  2. You can also use your own activity to receive the callback; just implement the IApiEventHandler interface and set your activity path with the "callerLocalEntry" parameter.
// request.callerLocalEntry = "com.xxx.xxx...activity";

If you want to receive callbacks when people stay in TikTok, register to receive this broadcast:

public static final String ACTION_STAY_IN_TT = "com.aweme.opensdk.action.stay.in.dy";
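
The state check called for in step 2 of the authorization request, as an added example that is not part of the TikTok SDK or the original guide. AuthState is a hypothetical helper: assign issue() to request.state before authorize(), then pass the state returned in the callback to consume() and reject the response if it returns false.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;   // on Android this class needs API level 26+

/** Hypothetical helper (not part of the TikTok SDK): one-time state values. */
public final class AuthState {
    private static final SecureRandom RNG = new SecureRandom();
    private static String pending;   // state of the request in flight, if any

    private AuthState() {}

    /** Call before authorize(); assign the result to request.state. */
    public static synchronized String issue() {
        byte[] raw = new byte[32];                 // 256 random bits per request
        RNG.nextBytes(raw);
        pending = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        return pending;
    }

    /** Call with the state returned in the callback; true only on a match. */
    public static synchronized boolean consume(String returned) {
        String expected = pending;
        pending = null;                            // single use: a repeat fails
        if (expected == null || returned == null) {
            return false;                          // nothing in flight, or no state
        }
        return MessageDigest.isEqual(              // constant-time comparison
                expected.getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {       // stand-alone demonstration
        String sent = issue();
        System.out.println("matching callback accepted: " + consume(sent));
        System.out.println("repeated callback accepted: " + consume(sent));
        issue();
        System.out.println("fixed \"xxx\" state accepted: " + consume("xxx"));
    }
}
```

The static field keeps the example short; in an app, the pending value has to survive the activity or process being recreated while the user is in TikTok.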

3 Obtain Access Token

Using the code returned in the callback, you can obtain an access_token for the user, which completes the Login with TikTok flow.

See Manage User Access Tokens for access_token related endpoints.

Security Advisory

The URL to complete authentication looks like this: https://open-api.tiktok.com/oauth/access_token/?client_key={clientKey}&client_secret={clientSecret}&grant_type=authorization_code&code={code}

Note that one of the query parameters in this URL is the client_secret. It is NOT safe to have this client secret in your application or to make this request from your app. We highly recommend keeping the client secret on the server: create a wrapper API that sends the code and client key to your server, and make this request from your server.
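
A sketch of the wrapper API recommended above, as an added example that is not TikTok's code (Java 11+, JDK built-ins only). The /auth/tiktok route, port 8080, the environment variable names and the use of POST for the upstream request are assumptions; the token URL is the one shown in this advisory.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.Objects;

/** Added example: wrapper API that keeps client_secret on the server. */
public class TokenExchangeServer {
    // Assumed variable names; both values live only in the server environment.
    static final String CLIENT_KEY = Objects.requireNonNull(System.getenv("TIKTOK_CLIENT_KEY"));
    static final String CLIENT_SECRET = Objects.requireNonNull(System.getenv("TIKTOK_CLIENT_SECRET"));
    static final HttpClient HTTP = HttpClient.newHttpClient();

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    /** Token URL from the guide; it carries the secret, so never log this URI. */
    static URI tokenUri(String code) {
        return URI.create("https://open-api.tiktok.com/oauth/access_token/"
                + "?client_key=" + enc(CLIENT_KEY) + "&client_secret=" + enc(CLIENT_SECRET)
                + "&grant_type=authorization_code&code=" + enc(code));
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0);
        // Hypothetical route: the app POSTs only the authorization code as the body.
        server.createContext("/auth/tiktok", ex -> {
            int status = 400;                          // bad method or empty code
            try {
                String code = new String(ex.getRequestBody().readNBytes(1024),
                        StandardCharsets.UTF_8).trim();
                if ("POST".equals(ex.getRequestMethod()) && !code.isEmpty()) {
                    status = 502;                      // until the upstream call succeeds
                    // POST is an assumption; see Manage User Access Tokens.
                    HttpResponse<String> r = HTTP.send(HttpRequest.newBuilder(tokenUri(code))
                            .POST(HttpRequest.BodyPublishers.noBody()).build(),
                            HttpResponse.BodyHandlers.ofString());
                    // r.body() holds the token response; this example returns only a status.
                    if (r.statusCode() == 200) status = 204;
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();    // status stays 502
            } finally {
                ex.sendResponseHeaders(status, -1);    // -1: no response body
                ex.close();
            }
        });
        server.start();
    }
}
```

A production endpoint would also sit behind TLS and authenticate the calling app session; both are left out here to keep the secret handling in view.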

Handling Errors

For error handling and debugging, please view the list of Error Codes.