In most cases, XAuth is not the right solution. Vimeo only provides access to XAuth on an extremely limited basis.
It looks like you might be using XAuth in an attempt to hard code a user into your app. For this very use case Vimeo provides an access token on your application page. It is much better to hard code a token than a username/password pair.