I'm testing a Flash app that uses the Twitter API with OAuth, and I'm
noticing that if I revoke permissions manually on the app, or tweak my
access tokens deliberately, the call to verify_credentials.xml fails
and returns HTTP status 401.

In a way this makes sense:  401 = unauthorized.  But for browser-based
experiences, it's ugly and sort of useless, because what happens is
the user gets prompted with a basic-auth dialog that nothing can be
done with; even if the user were to think of trying to log in with it,
the attempt would fail, so the only thing to do, in the Flash world,
is hope the user clicks Cancel to close the dialog, and handle the
HTTP_STATUS event.  Not the end of the world, but still, a pretty
crappy user experience.

So my question is twofold.  One, realizing of course this isn't a
Flash forum, but if anyone knows of a way to suppress these dialogs,
I'd appreciate some assistance figuring out how to code around that (I
don't believe there's a way, though).... But two, why use a 401 at
all, knowing a Web application will behave this way?  Why not return
200 with data indicating the call to verify_creds had succeeded, but
the credentials themselves were no longer valid?  After all, the only
reason the call to verify_credentials fails is because the call itself
requires authentication, which is sort of weird, since the whole point
of using verify_credentials is to verify the credentials.

Is there some way to get this changed -- even if it's only for Web
applications -- or some other less-crude approach to verifying
credentials?  Anyone got any suggestions?

Thanks in advance,
CN
