Tiktok oauth request parameters are malformed

Question

I'm trying to exchange my authorization token for a bearer token. According to the docs it should be a application/x-www-form-urlencoded request. My code looks like this:

$res = Http::withHeaders([
    'Accept'       => 'application/json',
    'Content-Type' => 'application/x-www-form-urlencoded',
    'Cache-Control' => 'no-cache'
])->post('https://open.tiktokapis.com/v2/oauth/token/', [
    'client_id'    => 'my-client-id',
    'client_secret' => 'my-client-secret',
    'code'          => $request->code,
    'grant_type'    => 'authorization_code',
    'redirect_uri'  => 'https://example.com/callback/tiktok',
]);

I keep receiving:

{"error":"invalid_request","error_description":"The request parameters are malformed.","log_id":"20230621065239FB74CE96D69DA40A2B46"}

What could be going on here? Already tried contacting tiktok a week ago but no response.

Answer 1

I finally found the answer to this - at least in my case.

When upgrading to the V2 OAuth flow, I had only upgraded the token endpoint for the server (https://open-api.tiktok.com/oauth/access_token > https://open.tiktokapis.com/v2/oauth/token) but forgotten to add the /v2 path to the original authorization endpoint for the user. This is easy to miss as the websites look exactly the same.

v1/Legacy:

https://www.tiktok.com/auth/authorize?client_key=xxxx&redirect_uri=https://...

v2/:

https://www.tiktok.com/v2/auth/authorize?client_key=xxxx&redirect_uri=https://...

After changing this, I no longer receive the malformed parameters error and it seems to work as expected. Leaving this here in case it helps someone else. I don't know how I missed this when it's in the migration guide.