How to make login more seamlessly 1. Go to XenForo AdminCP > Tools > [bd] API > Clients, click the Client for WordPress 2. Check the "Automatically authorize" boxes as needed 2a. If you want to skip the authorize form completely, check 3 boxes: READ, POST and CONVERSATE 2b. If you want to use sync logged-in cookie to work even for users who haven't connected, check 1 box: READ It's not recommended to automatically authorize ADMINCP for security reason.
XenForo API behind a Password Protected Directory If you put the `api` directory behind password (for testing purpose), you will need to perform some edit for it to work. OAuth2 library is not designed to work in such situation so after finish your testing, please revert the file back. File: library/bdApi/Lib/oauth2-php/OAuth2.inc Find #1: PHP: private function getAuthorizationHeader() { if (array_key_exists("HTTP_AUTHORIZATION", $_SERVER)) return $_SERVER["HTTP_AUTHORIZATION"]; if (function_exists("apache_request_headers")) { $headers = apache_request_headers(); if (array_key_exists("Authorization", $headers)) return $headers["Authorization"]; } return FALSE; } Replace with #1: PHP: private function getAuthorizationHeader() { return FALSE; } Find #2: PHP: protected function getClientCredentials() { if (isset($_SERVER["PHP_AUTH_USER"]) && $_POST && isset($_POST["client_id"])) $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_CLIENT); // Try basic auth if (isset($_SERVER["PHP_AUTH_USER"])) return array($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"]); // Try POST if ($_POST && isset($_POST["client_id"])) { if (isset($_POST["client_secret"])) return array($_POST["client_id"], $_POST["client_secret"]); return array($_POST["client_id"], NULL); } // No credentials were specified $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_CLIENT); } Replace with #2: PHP: protected function getClientCredentials() { // Try POST if ($_POST && isset($_POST["client_id"])) { if (isset($_POST["client_secret"])) return array($_POST["client_id"], $_POST["client_secret"]); return array($_POST["client_id"], NULL); } // No credentials were specified $this->errorJsonResponse(OAUTH2_HTTP_BAD_REQUEST, OAUTH2_ERROR_INVALID_CLIENT); }