Login: "App certificate does not match configurations"

[Wulff-1996]

I'm using the TikTok SDK to sign in with TikTok.

I have added both the MD5 and SHA256 hashes in the TikTok console and followed the steps in this guide: https://developers.tiktok.com/doc/login-kit-android-quickstart-v2/. I did this for both my local debug key and the production keystore used to sign our app. I tried building for production as well, but I see this error in all cases and I am unable to proceed with the integration.

We used the legacy version of the Android SDK before, which is still in production and still works!

I'm able to authorize with TikTok and open the TikTok app via this code:

val authApi = AuthApi(activity = context)

val codeVerifier = PKCEUtils.generateCodeVerifier()
SharedPreferenceManager.instanceCache.save(
    SettingsItemKey.SETTINGS_ITEM_KEY_TIKTOK_CODE_VERIFIER,
    codeVerifier
)
val request = AuthRequest(
    clientKey = CLIENT_KEY,
    scope = SCOPES,
    redirectUri = REDIRECT_URL,
    codeVerifier = codeVerifier
)

authApi.authorize(
    request = request,
    authMethod = AuthApi.AuthMethod.TikTokApp
)

My app then opens again with this TikTok intent: https://my-domain-here.tld?error=invalid_client&errCode=10033&error_description=App%20certificate%20does%20not%20match%20configurations.

This intent is then handled by the TikTok SDK:

val response = AuthApi(context).getAuthResponseFromIntent(
    intent = intent,
    redirectUrl = REDIRECT_URL
)

And the reponse is:

{
      authCode: ""
      state: null
      grantedPermissions: ""
      errorCode: 0
      errorMsg: null
      extras: null
      authError: null
      authErrorDescription: null
      isSuccess: true
}

I don't know what the error means and I cannot find any documentation on error code 10033. It would appear that the SDK does not know what to do with this either, as it says isSuccess: true and errorCode: 0 while having no authCode, which makes no sense.

[haifano]

1. If your app's debug and release builds are signed with different keystores, you will need to register different client keys for them on TikTok Developers website, and register the MD5 and SHA256 certificate under the corresponding client key.
2. The response was not parsed correctly. Please put breakpoints in this function to see which line gets triggered so we can further debug this issue together.

[Wulff-1996]

1. This does not really make sense. We only have one app on TikTok. On there, we can add multiple SHA256 and MD5 hashes; one for the production keystore and one for the debug/development keystore. We added both. It works on neither production nor debug. The bundle ID is the same, of course. If we use a different client key, we would need a separate app? Note that this worked fine on the older SDK, where we only added the MD5 (of both prodution and debug).

2. It would appear that you are expecting the redirect URI to be equal to this:

 redirectUrl == "${data.scheme}://${data.host}"

• but the redirectUrl from the data is the full URL, including query params, so it's never going to match:

Should it not be "begins with"-logic and not ==?

[nickdnk]

Above message was hastily written. A few clarifications:

The redirect URI is passed into the function by us. It's the full path, including scheme and domain, i.e. https://domain.com/api/mobile_tiktok_redirect, but the comparison expects the redirect URI to be just scheme://host, not including path, i.e. https://domain.com, so it jumps down to the bottom if-block. I don't know if this is intentional.

And when we wrote Bundle ID, we meant Android Package Name. Bundle ID is the iOS equivalent.

[hanswimtj]

Same problem.

[liliangxin]

I have the same problem

[FightLi1017]

I have the same problem Do you know what's going on now?

[liliangxin]

You can delete a SHA-256 and try it out. I saved my APK signature information and then logged in to use it. It may be a bug in the TikTok configuration. @FightLi1017

[nickdnk]

You can delete a SHA-256 and try it out. I saved my APK signature information and then logged in to use it. It may be a bug in the TikTok configuration. @FightLi1017

Can you elaborate on this? We can't delete the SHA-256 - we need it there. Do you mean adding a random SHA and removing it again?

[Wulff-1996]

It works for me now using version 2.0.3. :)

[liliangxin]

You can delete a SHA-256 and try it out. I saved my APK signature information and then logged in to use it. It may be a bug in the TikTok configuration. @FightLi1017

Can you elaborate on this? We can't delete the SHA-256 - we need it there. Do you mean adding a random SHA and removing it again?

I have this issue because I have configured two SHA256, and after deleting one, I can log in and use it. Perhaps TikTok can only be configured with one. When I only configure SHA256 on Google Play and upload it for internal testing channels to test TikTok login, I can successfully log in.

[nickdnk]

You can delete a SHA-256 and try it out. I saved my APK signature information and then logged in to use it. It may be a bug in the TikTok configuration. @FightLi1017

Can you elaborate on this? We can't delete the SHA-256 - we need it there. Do you mean adding a random SHA and removing it again?

I have this issue because I have configured two SHA256, and after deleting one, I can log in and use it. Perhaps TikTok can only be configured with one. When I only configure SHA256 on Google Play and upload it for internal testing channels to test TikTok login, I can successfully log in.

Alright. We changed nothing on the app console. Updating the SDK to 2.0.3 fixed it.

[andy7076]

same problem; v2.0.3 not working for me.

[sunny635533]

same issue in V2.0.3. https://github.com/tiktok/tiktok-opensdk-android/issues/19