I'm testing a Flash app that uses the Twitter API with oAuth, and I'm
noticing that if I revoke permissions manually on the app, or tweak my
access tokens deliberately, the call to verify_credentials.xml fails
and returns HTTP status 401.

In a way this makes sense:  401 = unauthorized.  But for browser-based
experiences, it's ugly and sort of useless, because what happens is
the user gets prompted with a basic-auth dialog that nothing can be
done with; even if the user were to think of trying to log in with it,
the attempt would fail, so the only thing to do, in the Flash world,
is hope the user clicks Cancel to close the dialog, and handle the
HTTP_STATUS event.  Not the end of the world, but still, a pretty
crappy user experience.

So my question is twofold.  One, realizing of course this isn't a
Flash forum, but if anyone knows of a way to suppress these dialogs,
I'd appreciate some assistance figuring out how to code around that (I
don't believe there's a way, though).... But two, why use a 401 at
all, knowing a Web application will behave this way?  Why not return
200 with data indicating the call to verify_creds had succeeded, but
the credentials themselves were no longer valid?  After all, the only
reason the call to verify_credentials fails is because the call itself
requires authentication, which is sort of weird, since the whole point
of using verify_credentials is to verify the credentials.

Is there some way to get this changed -- even if it's only for Web
applications -- or some other less-crude approach to verifying
credentials?  Anyone got any suggestions?

Thanks in advance,

Reply via email to