And as an addition to what D. Smith said: you're probably storing your users' token and token_secret somewhere. So if you do have a tokens are present, you know they have granted access before. Also, you can check the message in the headers. Twitter sends a 401 when access has been revoked, and last time I checked, the accompanying message was "Could not authenticate with OAuth." However, these error messages are not set in stone, and afaik they are not officially documented by Twitter.