I don't think getting rid of the 401 is wise. That said, I think that they could probably (and SHOULD probably) get rid of the WWW-Authenticate header that is sent by the server when that 401 is sent, as that is the header that causes browser pop-ups.
Twitter, what say you? You would keep your existing functionality and greatly improve user experience in web-based apps.

On Tue, Sep 29, 2009 at 14:54, cnunciato <cnunci...@gmail.com> wrote:
>
> I'm testing a Flash app that uses the Twitter API with oAuth, and I'm
> noticing that if I revoke permissions manually on the app, or tweak my
> access tokens deliberately, the call to verify_credentials.xml fails
> and returns HTTP status 401.
>
> In a way this makes sense: 401 = unauthorized. But for browser-based
> experiences, it's ugly and sort of useless, because what happens is
> the user gets prompted with a basic-auth dialog that nothing can be
> done with; even if the user were to think of trying to log in with it,
> the attempt would fail, so the only thing to do, in the Flash world,
> is hope the user clicks Cancel to close the dialog, and handle the
> HTTP_STATUS event. Not the end of the world, but still, a pretty
> crappy user experience.
>
> So my question is twofold. One, realizing of course this isn't a
> Flash forum, but if anyone knows of a way to suppress these dialogs,
> I'd appreciate some assistance figuring out how to code around that (I
> don't believe there's a way, though).... But two, why use a 401 at
> all, knowing a Web application will behave this way? Why not return
> 200 with data indicating the call to verify_creds had succeeded, but
> the credentials themselves were no longer valid? After all, the only
> reason the call to verify_credentials fails is because the call itself
> requires authentication, which is sort of weird, since the whole point
> of using verify_credentials is to verify the credentials.
>
> Is there some way to get this changed -- even if it's only for Web
> applications -- or some other less-crude approach to verifying
> credentials? Anyone got any suggestions?
>
> Thanks in advance,
> CN

--
Internets. Serious business.
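
An added example, not part of the original thread and not Twitter's code: a variation on the suggestion above that keeps the 401 but answers OAuth callers with an `OAuth` challenge instead of a `Basic` one, since browsers show their built-in login dialog only for schemes they implement themselves, such as Basic. The WSGI app, the `call` helper, the realm host and the token value are all hypothetical.

```python
# Added illustration: hypothetical WSGI endpoint, not Twitter's implementation.
from wsgiref.util import setup_testing_defaults

VALID_TOKENS = {"constructed-token-123"}  # constructed sample data

def challenge_for(authorization):
    # Answer with the scheme the client used in its Authorization header.
    scheme = (authorization or "").split(" ", 1)[0].lower()
    if scheme == "oauth":
        # Browsers have no built-in UI for this scheme, so no dialog appears.
        return 'OAuth realm="api.example.test"'
    # Basic is the challenge that makes a browser show its login pop-up.
    return 'Basic realm="api.example.test"'

def token_from(authorization):
    # Pull oauth_token out of an 'OAuth k="v", ...' header; None if absent.
    if not authorization or not authorization.lower().startswith("oauth "):
        return None
    for part in authorization[6:].split(","):
        key, _, value = part.strip().partition("=")
        if key == "oauth_token":
            return value.strip('"')
    return None

def app(environ, start_response):
    # Token lookup only; a real service also verifies the OAuth signature.
    auth = environ.get("HTTP_AUTHORIZATION")
    if token_from(auth) in VALID_TOKENS:
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"credentials valid"]
    start_response("401 Unauthorized", [
        ("Content-Type", "text/plain"),
        ("WWW-Authenticate", challenge_for(auth)),
    ])
    return [b"credentials invalid or revoked"]

def call(authorization=None):
    # Drive the app in-process and return (status, headers as a dict).
    environ, seen = {}, {}
    setup_testing_defaults(environ)
    if authorization is not None:
        environ["HTTP_AUTHORIZATION"] = authorization
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

A client that gets the 401 this way can still branch on the status code, which is the existing functionality the reply wants to keep.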