Tiktok Auth sending client secret on login

### Is this suited for github?

Yes, this is suited for github

### To Reproduce

Just follow the docs

auth.ts:

```typescript
import { betterAuth } from "better-auth"

export const auth = betterAuth({
    socialProviders: {
        tiktok: {
            clientSecret: process.env.TIKTOK_CLIENT_SECRET as string,
            clientKey: process.env.TIKTOK_CLIENT_KEY as string,
        },
    },
})
```

auth-client.ts:

```typescript
import { createAuthClient } from "better-auth/client"
const authClient = createAuthClient()

const signIn = async () => {
    const data = await authClient.signIn.social({
        provider: "tiktok"
    })
}
```


### Current vs. Expected behavior

#### Current behavior

```typescript
await fetch("https://XXX/api/auth/sign-in/social", {
    "body": "{\"provider\":\"tiktok\"}",
});
```

returns

```json
{"url":"https://www.tiktok.com/v2/auth/authorize?scope=user.info.profile&response_type=code&client_key=XXX&client_secret=XXXXXXXXXXX&redirect_uri=https%3A%2F%2FXXX%2Fapi%2Fauth%2Fcallback%2Ftiktok&state=XXX","redirect":true}
```

#### Expected behavior

`client_secret` should not be sent over


### What version of Better Auth are you using?

1.3.8

### Which area(s) are affected? (Select all that apply)

Client

https://github.com/better-auth/better-auth/blob/e15113737a5e7b524c188fe07305fc8f310464ce/packages/better-auth/src/social-providers/tiktok.ts#L139

### Auth config (if applicable)

```typescript
import { betterAuth } from "better-auth"
import { prismaAdapter } from "better-auth/adapters/prisma"
// `db` is the application's Prisma client; its import was not included in the report.

export const auth = betterAuth({
  database: prismaAdapter(db, {
    provider: 'mysql',
  }),
  emailAndPassword: {
    enabled: false,
  },
  socialProviders: {
    tiktok: {
      // @ts-expect-error TikTok does not use clientId
      clientId: process.env.TIKTOK_CLIENT_ID as string,
      clientSecret: process.env.TIKTOK_CLIENT_SECRET as string,
      clientKey: process.env.TIKTOK_CLIENT_KEY as string,
    },
  },
});
```
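
A regression check for the behavior reported above, as an added example that is not part of the original report or of Better Auth's code: it parses an authorization URL before it is returned to the browser and flags back-channel parameters or configured secret values. The function names `auditAuthorizeUrl` and `assertFrontChannelSafe` are hypothetical, and every URL and value in it is constructed.

```typescript
// Added example, not Better Auth code. All URLs and values below are constructed.
// Parameters that RFC 6749 / RFC 7636 send only on the back-channel token request.
const BACK_CHANNEL_ONLY = new Set(["client_secret", "code_verifier"]);

interface Finding { param: string; reason: string }

function auditAuthorizeUrl(rawUrl: string, knownSecrets: string[] = []): Finding[] {
  const findings: Finding[] = [];
  const scan = (params: URLSearchParams, prefix: string): void => {
    params.forEach((value, name) => {
      if (BACK_CHANNEL_ONLY.has(name.toLowerCase())) {
        findings.push({ param: prefix + name, reason: "back-channel-only parameter" });
      } else if (knownSecrets.some((s) => s !== "" && value.includes(s))) {
        // Catches a secret that was sent under a different parameter name.
        findings.push({ param: prefix + name, reason: "value contains a configured secret" });
      }
      // redirect_uri is itself a URL, so inspect its query string as well.
      if (name === "redirect_uri") {
        try {
          scan(new URL(value).searchParams, "redirect_uri.");
        } catch {
          findings.push({ param: prefix + name, reason: "redirect_uri is not an absolute URL" });
        }
      }
    });
  };
  scan(new URL(rawUrl).searchParams, "");
  return findings;
}

// Guard for a sign-in handler or a test: refuse to hand a leaking URL to the browser.
function assertFrontChannelSafe(rawUrl: string, knownSecrets: string[] = []): string {
  const findings = auditAuthorizeUrl(rawUrl, knownSecrets);
  if (findings.length > 0) {
    throw new Error("authorization URL leaks: " + findings.map((f) => f.param).join(", "));
  }
  return rawUrl;
}

// Constructed samples modeled on the response shape shown in this report.
const BASE = "https://www.tiktok.com/v2/auth/authorize?scope=user.info.profile&response_type=code&client_key=EXAMPLE_KEY";
const TAIL = "&redirect_uri=https%3A%2F%2Fapp.example%2Fapi%2Fauth%2Fcallback%2Ftiktok&state=EXAMPLE_STATE";
const LEAKY_URL = BASE + "&client_secret=EXAMPLE_SECRET" + TAIL;
const CLEAN_URL = BASE + TAIL;

console.log(auditAuthorizeUrl(LEAKY_URL, ["EXAMPLE_SECRET"]));
console.log(auditAuthorizeUrl(CLEAN_URL, ["EXAMPLE_SECRET"]));
```

Passing the configured secret values as `knownSecrets` lets the same check run in CI against the URL a provider builds, independent of which parameter name carries the value.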