We’re trying to set up an OAuth flow with XenForo acting as the server and WordPress as the client. When we call the authorization endpoint ( https://xenforo-domain/forums/oauth2/authorize ), we successfully receive the authorization code.
However, when we make the second API call to the token endpoint (https://xenforo-domain/forums/api/oauth2/token), we receive the following error:
"You do not have permission to view this page or perform this action."
I have been engaged with the client support for weeks now with no solution. We've searched the forums and tried multiple fixes without anything working. it just keeps resulting in an invalid token received error. I've included the debug log, and the support team at MiniOrange have requested we request support here as well.
Full debug log
However, when we make the second API call to the token endpoint (https://xenforo-domain/forums/api/oauth2/token), we receive the following error:
"You do not have permission to view this page or perform this action."
I have been engaged with the client support for weeks now with no solution. We've searched the forums and tried multiple fixes without anything working. it just keeps resulting in an invalid token received error. I've included the debug log, and the support team at MiniOrange have requested we request support here as well.
Full debug log
This is the miniOrange OAuth plugin Debug Log file[2025-05-22 09:35:08 UTC] : Grant: Authorization Code Grant
[2025-05-22 09:35:08 UTC] : state parameter sent
[2025-05-22 09:35:08 UTC] : Authorizaion Endpoint => https://rockm.plus/forums/oauth2/au...E1NzlkN2M4NGM5ODRkNWE4MGY0YzZiOGYwZDQ2OWMifX0
[2025-05-22 09:35:12 UTC] : Flow redirected back to OAuth plugin.
[2025-05-22 09:35:12 UTC] : Array
(
Code:=> FVU21FJCHRWiMPgYVEO025VnXwKUuZfk [state] => eyI2MTcwNzA2ZTYxNmQ2NSI6eyJWIjoiNTg2NTZlNjY2ZjcyNmYiLCJIIjoiNmI3ZjhjNTFlMTU3OGUxMTZhZWE4NjVlYmM0NTZmZjQifSwiNzI2NTY0Njk3MjY1NjM3NDVmNzU3MjY5Ijp7IlYiOiIyZjJmNmM2ZjYzNjE2YzY4NmY3Mzc0MmY3NzcwNWY3MDczMmY3NzZmNzI2NDcwNzI2NTczNzMyZiIsIkgiOiIxNDUyNDY3YjBjMjRkNjg3ODY5MjM1NjYzNGZiZDQ0NyJ9LCI3NDY1NzM3NDVmNjM2ZjZlNjY2OTY3Ijp7IlYiOiI3NDcyNzU2NSIsIkgiOiI2MDI1YmI2MjUxZWZiN2NiNTZhOWQ0YTg4YjA5MWJmYSJ9LCI3Mzc0NjE3NDY1NWY2ZTZmNmU2MzY1Ijp7IlYiOiIzNjM1MzEzMjYyNjQzNDMzNjQzOTYzNjE2MTM2NjUzMDMyNjMzOTM5MzA2MjMwNjEzODMyMzYzNTMyNjQ2MzYxIiwiSCI6IjcyNjdlODc3OTg2OGI4NWNhMzIyYTVlOTlmN2Y1ZGM2In0sIjc1Njk2NCI6eyJWIjoiNDQ0NjM4NTY0YjRhNGYzNTQ2NDQ0ODVhNDE1MjQyNTIzNTVhNDQ1MzMyNTYzNTRhMzYzNjU1MzI0ZTQ0NTIiLCJIIjoiOGE1NzlkN2M4NGM5ODRkNWE4MGY0YzZiOGYwZDQ2OWMifX0 ) [2025-05-22 09:35:12 UTC] : Set storage manager from state [2025-05-22 09:35:12 UTC] : Application Configured: Xenforo [2025-05-22 09:35:12 UTC] : OAuth flow [2025-05-22 09:35:12 UTC] : Token request content => [2025-05-22 09:35:12 UTC] : Token endpoint URL => https://rockm.plus/forums/api/oauth2/token [2025-05-22 09:35:12 UTC] : body => [2025-05-22 09:35:12 UTC] : Array ( [grant_type] => authorization_code [redirect_uri] => http://localhost/wp_ps/wordpress [code] => FVU21FJCHRWiMPgYVEO025VnXwKUuZfk [scope] => user:read ) [2025-05-22 09:35:12 UTC] : headers => [2025-05-22 09:35:12 UTC] : Array ( [Accept] => application/json [charset] => UTF - 8 [Content-Type] => application/x-www-form-urlencoded [Authorization] => Basic ODY4Mzg5NjQxMzkyMTQ1NjpEV0YxdUxBZG9RUVNfY1ROWUFhRWNfaWNnY2E4dHFBYQ== ) [2025-05-22 09:35:13 UTC] : Raw response from token endpoint: [2025-05-22 09:35:13 UTC] : Array ( [headers] => WpOrg\Requests\Utility\CaseInsensitiveDictionary Object ( [data:protected] => Array ( [keep-alive] => timeout=5, max=100 [x-powered-by] => PHP/8.3.20 [xf-latest-api-version] => 1 [xf-used-api-version] => 1 [xf-request-user] => 0 [expires] => Thu, 19 Nov 1981 08:52:00 GMT [cache-control] => private, no-cache, max-age=0 [vary] => Accept-Encoding [content-type] => application/json; charset=utf-8 [content-length] => 143 [content-encoding] => gzip [date] => Thu, 22 May 2025 09:35:13 GMT [server] => LiteSpeed [x-turbo-charged-by] => LiteSpeed ) ) [body] => { "errors": [ { "code": "do_not_have_permission", "message": "You do not have permission to view this page or perform this action.", "params": [] } ] } [response] => Array ( [code] => 403 [message] => Forbidden ) [cookies] => Array ( ) [filename] => [http_response] => WP_HTTP_Requests_Response Object ( [data] => [headers] => [status] => [response:protected] => WpOrg\Requests\Response Object ( [body] => { "errors": [ { "code": "do_not_have_permission", "message": "You do not have permission to view this page or perform this action.", "params": [] } ] } [raw] => HTTP/1.1 403 Forbidden keep-alive: timeout=5, max=100 x-powered-by: PHP/8.3.20 xf-latest-api-version: 1 xf-used-api-version: 1 xf-request-user: 0 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: private, no-cache, max-age=0 vary: Accept-Encoding content-type: application/json; charset=utf-8 content-length: 143 content-encoding: gzip date: Thu, 22 May 2025 09:35:13 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close { "errors": [ { "code": "do_not_have_permission", "message": "You do not have permission to view this page or perform this action.", "params": [] } ] } [headers] => WpOrg\Requests\Response\Headers Object ( [data:protected] => Array ( [keep-alive] => Array ( [0] => timeout=5, max=100 ) [x-powered-by] => Array ( [0] => PHP/8.3.20 ) [xf-latest-api-version] => Array ( [0] => 1 ) [xf-used-api-version] => Array ( [0] => 1 ) [xf-request-user] => Array ( [0] => 0 ) [expires] => Array ( [0] => Thu, 19 Nov 1981 08:52:00 GMT ) [cache-control] => Array ( [0] => private, no-cache, max-age=0 ) [vary] => Array ( [0] => Accept-Encoding ) [content-type] => Array ( [0] => application/json; charset=utf-8 ) [content-length] => Array ( [0] => 143 ) [content-encoding] => Array ( [0] => gzip ) [date] => Array ( [0] => Thu, 22 May 2025 09:35:13 GMT ) [server] => Array ( [0] => LiteSpeed ) [x-turbo-charged-by] => Array ( [0] => LiteSpeed ) ) ) [status_code] => 403 [protocol_version] => 1.1 [success] => [redirects] => 0 [url] => https://rockm.plus/forums/api/oauth2/token [history] => Array ( ) [cookies] => WpOrg\Requests\Cookie\Jar Object ( [cookies:protected] => Array ( ) ) ) [filename:protected] => ) ) [2025-05-22 09:35:13 UTC] : Response body: [2025-05-22 09:35:13 UTC] : { "errors": [ { "code": "do_not_have_permission", "message": "You do not have permission to view this page or perform this action.", "params": [] } ] } [2025-05-22 09:35:13 UTC] : Decoded response: [2025-05-22 09:35:13 UTC] : Array ( [errors] => Array ( [0] => Array ( [code] => do_not_have_permission [message] => You do not have permission to view this page or perform this action. [params] => Array ( ) ) ) ) [2025-05-22 09:35:13 UTC] : Invalid token received. [/QUOTE]
