feat: add TikTok integration with OAuth, Display API, and Content Publishing tools- Add 6 TikTok API tools: get_user, list_videos, query_videos, query_creator_info, direct_post_video, get_post_status- Add TikTok block with operation dropdown and conditional fields- Add TikTok icon component- Add TikTok OAuth provider config with token proxy for client_key/data wrapper quirks- Add TikTok token refresh support with client_key parameter- Register all tools, block, and OAuth provider configuration

Author: BillLeoutsakosvl346

apps/sim/app/api/auth/tiktok-token-proxy/route.ts

@@ -0,0 +1,30 @@
+import { NextResponse } from 'next/server'
+
+/**
+ * Proxy for TikTok's token endpoint.
+ * TikTok uses 'client_key' instead of 'client_id' and wraps responses in 'data'.
+ * This lets Better Auth's genericOAuth handle token persistence normally.
+ */
+export async function POST(request: Request) {
+  const body = await request.text()
+  const params = new URLSearchParams(body)
+
+  // TikTok expects 'client_key' instead of 'client_id'
+  const clientId = params.get('client_id')
+  if (clientId) {
+    params.delete('client_id')
+    params.set('client_key', clientId)
+  }
+
+  const response = await fetch('https://open.tiktokapis.com/v2/oauth/token/', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: params.toString(),
+  })
+
+  const json = await response.json()
+
+  // TikTok wraps the token response in 'data' - unwrap it for Better Auth
+  const tokenData = json.data || json
+  return NextResponse.json(tokenData)
+}

apps/sim/lib/auth/auth.ts

@@ -2496,62 +2496,40 @@ export const auth = betterAuth({
         },
 
         // TikTok provider
+        // Uses a local proxy for token exchange because TikTok requires 'client_key'
+        // instead of 'client_id' and wraps responses in 'data'.
+        // The proxy handles both quirks so Better Auth persists tokens normally.
         {
           providerId: 'tiktok',
-          clientId: env.TIKTOK_CLIENT_ID as string,
+          clientId: env.TIKTOK_CLIENT_KEY as string,
           clientSecret: env.TIKTOK_CLIENT_SECRET as string,
           authorizationUrl: 'https://www.tiktok.com/v2/auth/authorize/',
-          tokenUrl: 'https://open.tiktokapis.com/v2/oauth/token/',
-          scopes: [
-            'user.info.basic',
-            'user.info.profile',
-            'user.info.stats',
-            'video.list',
-            'video.publish',
-          ],
+          tokenUrl: `${getBaseUrl()}/api/auth/tiktok-token-proxy`,
+          scopes: ['user.info.basic', 'user.info.profile', 'user.info.stats', 'video.list'],
           responseType: 'code',
           redirectURI: `${getBaseUrl()}/api/auth/oauth2/callback/tiktok`,
+          authorizationUrlParams: {
+            client_key: env.TIKTOK_CLIENT_KEY as string,
+            scope: 'user.info.basic,user.info.profile,user.info.stats,video.list',
+          },
           getUserInfo: async (tokens) => {
-            try {
-              logger.info('Fetching TikTok user profile')
-
-              const response = await fetch(
-                'https://open.tiktokapis.com/v2/user/info/?fields=open_id,union_id,avatar_url,display_name',
-                {
-                  headers: {
-                    Authorization: `Bearer ${tokens.accessToken}`,
-                  },
-                }
-              )
-
-              if (!response.ok) {
-                logger.error('Failed to fetch TikTok user info', {
-                  status: response.status,
-                  statusText: response.statusText,
-                })
-                throw new Error('Failed to fetch user info')
-              }
-
-              const data = await response.json()
-              const profile = data.data?.user
-
-              if (!profile) {
-                logger.error('No user data in TikTok response')
-                return null
-              }
-
-              return {
-                id: `${profile.open_id}-${crypto.randomUUID()}`,
-                name: profile.display_name || 'TikTok User',
-                email: `${profile.open_id}@tiktok.user`,
-                emailVerified: false,
-                image: profile.avatar_url || undefined,
-                createdAt: new Date(),
-                updatedAt: new Date(),
-              }
-            } catch (error) {
-              logger.error('Error in TikTok getUserInfo:', { error })
-              return null
+            const response = await fetch(
+              'https://open.tiktokapis.com/v2/user/info/?fields=open_id,avatar_url,display_name,username',
+              { headers: { Authorization: `Bearer ${tokens.accessToken}` } }
+            )
+            const json = await response.json()
+            const profile = json.data?.user
+
+            if (!profile?.open_id) return null
+
+            return {
+              id: profile.open_id,
+              name: profile.display_name || profile.username || 'TikTok User',
+              email: `${profile.username || profile.open_id}@tiktok.user`,
+              emailVerified: false,
+              image: profile.avatar_url,
+              createdAt: new Date(),
+              updatedAt: new Date(),
             }
           },
         },

apps/sim/lib/core/config/env.ts

@@ -244,7 +244,7 @@ export const env = createEnv({
     SPOTIFY_CLIENT_ID:                     z.string().optional(),                  // Spotify OAuth client ID
     SPOTIFY_CLIENT_SECRET:                 z.string().optional(),                  // Spotify OAuth client secret
     CALCOM_CLIENT_ID:                      z.string().optional(),                  // Cal.com OAuth client ID
-    TIKTOK_CLIENT_ID:                      z.string().optional(),                  // TikTok OAuth client ID
+    TIKTOK_CLIENT_KEY:                     z.string().optional(),                  // TikTok OAuth client key (TikTok uses 'client_key' not 'client_id')
     TIKTOK_CLIENT_SECRET:                  z.string().optional(),                  // TikTok OAuth client secret
 
     // E2B Remote Code Execution

apps/sim/lib/oauth/oauth.ts

@@ -812,7 +812,6 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
           'user.info.profile',
           'user.info.stats',
           'video.list',
-          'video.publish',
         ],
       },
     },
@@ -832,6 +831,11 @@ interface ProviderAuthConfig {
    * instead of in the request body. Used by Cal.com.
    */
   refreshTokenInAuthHeader?: boolean
+  /**
+   * If true, use 'client_key' instead of 'client_id' in OAuth requests.
+   * TikTok uses this non-standard parameter name.
+   */
+  useClientKey?: boolean
 }
 
 /**
@@ -1158,8 +1162,9 @@ function getProviderAuthConfig(provider: string): ProviderAuthConfig {
       }
     }
     case 'tiktok': {
+      // TikTok uses 'client_key' instead of 'client_id'
       const { clientId, clientSecret } = getCredentials(
-        env.TIKTOK_CLIENT_ID,
+        env.TIKTOK_CLIENT_KEY,
         env.TIKTOK_CLIENT_SECRET
       )
       return {
@@ -1168,6 +1173,7 @@ function getProviderAuthConfig(provider: string): ProviderAuthConfig {
         clientSecret,
         useBasicAuth: false,
         supportsRefreshTokenRotation: true,
+        useClientKey: true,
       }
     }
     default:
@@ -1206,7 +1212,9 @@ function buildAuthRequest(
     headers.Authorization = `Basic ${basicAuth}`
   } else {
     // Use body credentials - include client credentials in request body
-    bodyParams.client_id = config.clientId
+    // TikTok uses 'client_key' instead of 'client_id'
+    const clientIdParam = config.useClientKey ? 'client_key' : 'client_id'
+    bodyParams[clientIdParam] = config.clientId
     if (config.clientSecret) {
       bodyParams.client_secret = config.clientSecret
     }
@@ -1280,8 +1288,10 @@ export async function refreshOAuthToken(
       throw new Error(`Failed to refresh token: ${response.status} ${errorText}`)
     }
 
-    const data = await response.json()
+    const raw = await response.json()
 
+    // TikTok wraps token responses in 'data'
+    const data = raw.data || raw
     const accessToken = data.access_token
 
     let newRefreshToken = null