XF 2.3 Issues with OAuth2 (no_api_key_in_request)

[Unique Username]

Hi there,

So I've spent almost 7 hours on this (yeah I know) and have finally decided to reach out for some assistance. I started by simply wanting to connect my XenForo installation to another platform however I had some issues because it required a "username" and I wasn't sure about field mapping. SO in an effort to troubleshoot and figure out the mapping I tried setting up Postman to make an OAuth2 request, after some help from my new and only friend AI I was able to get the tokens and such but haven't been able to move forward.

My main goal is to access /api/me using my OAuth2 setup and view the data of the particular user that was authorized. However, when I make a request to https://domain.com/api/me I get this joyful message:

{
    "errors": [
        {
            "code": "no_api_key_in_request",
            "message": "No API key was included in the request.",
            "params": []
        }
    ]
}

Now I have looked into these resources but haven't had much success:

• https://xenforo.com/community/pages/api-endpoints/#route_get_me_
• https://xenforo.com/community/threads/oauth2-user-info-endpoint.227109/ (Helped me discover /api/me for oauth)
• https://xenforo.com/community/threads/using-xf-2-3-oauth-provider.220754/#post-1676585 (I've done all solutions in this)

My possible thoughts on what is causing this:

• Either my postman configuration is not correct
• my server is preventing this from working, if so, any ideas what?

My current specs:

• PHP 8.4.3
• XF 2.3.5
• Site is protected by Cloudflare (but shouldn't be an issue as of right now).
• Friendly URLs are enabled.

Here is my Postman config:



Here's the line from my htaccess



Thank you for your time.

 

[Orit]

This api endpoint /api/me requires sending the api key (generated in the xenforo admin panel) as a header.
XF-api-key => ***

if your api key is a super user key, you may have to pass a header containing the user id:
XF-Api-User => ***

 

[Unique Username]

This api endpoint /api/me requires sending the api key (generated in the xenforo admin panel) as a header.
XF-api-key => ***

if your api key is a super user key, you may have to pass a header containing the user id:
XF-Api-User => ***

So to use OAuth2 and access the info of an authorized user I would also need an api key?

From the posts I was looking at, I was under the impression all you needed was an OAuth token.

 

[Unique Username]

This api endpoint /api/me requires sending the api key (generated in the xenforo admin panel) as a header.
XF-api-key => ***

if your api key is a super user key, you may have to pass a header containing the user id:
XF-Api-User => ***

Hey @Orit just wanted to follow up. Perhaps you can help me understand how OAuth2 works, in the highest level - my understanding was when you authorize the login, that will provide certain information back to the other platform to use for things like registering with your xenforo installation username, email etc.

From what you mentioned, it sounds like I would need to implement both the API and OAuth2?

 

[Orit]

Hey @Orit just wanted to follow up. Perhaps you can help me understand how OAuth2 works, in the highest level - my understanding was when you authorize the login, that will provide certain information back to the other platform to use for things like registering with your xenforo installation username, email etc.

From what you mentioned, it sounds like I would need to implement both the API and OAuth2?

I'm sorry I can't help with that, as I have no experience with using OAuth2.

Maybe @Chris D or @Jeremy P can help.

 

[Unique Username]

Hi there, is there anyone who can help me with this?

 

[Jeremy P]

Did you set up an OAuth client in the XenForo control panel and then use Postman's authorization settings to configure a new token with the correct URLs/client ID/secret/scope? And did this succeed?



This process should generate the correct headers for you. Yours should look similar, but with a different value for Authorization:



All you need to do from there is paste the endpoint in and send the request. You don't need anything in the request body.

 

[Unique Username]

Did you set up an OAuth client in the XenForo control panel and then use Postman's authorization settings to configure a new token with the correct URLs/client ID/secret/scope? And did this succeed?

Yes, I did; I also added the https://oauth.pstmn.io/v1/callback to my redirected URI. Not sure if that's correct. But to answer your question, it did not succeed. I'm able to see the authorizing screen and when I click authorize, I see the browser saying it's authorized but inside Postman, it says:

Error: [{"code":"required_input_missing","message":"Required input missing: client_id","params":{"missing":["client_id"]}}]

Browser:


Is adding the authorization data to the request header correct?

 

[Jeremy P]

Is adding the authorization data to the request header correct?

Postman should do this automatically for you during the configuration. You shouldn't need to do anything manually, you just add the client in XenForo and then follow the Postman setup process (see my screenshots for reference). I'm afraid if that doesn't work, I'm not sure why.

 

[Unique Username]

Postman should do this automatically for you during the configuration. You shouldn't need to do anything manually, you just add the client in XenForo and then follow the Postman setup process (see my screenshots for reference). I'm afraid if that doesn't work, I'm not sure why.

Thanks for the reply. I’ll try looking into it further, I appreciate your help.

 

[Unique Username]

After some help from @Jeremy P (thanks again) I was able to get this resolved. If you have the guest/unregistered user group Can View permission set to no, it won't work properly.