The post for auth should accept 201 as a status code (not just 200).

[idyll]

Since the call is a post and auth credentials are being created a 201 is more appropriate.

Many people abuse 200 so you probably need to look for both.

Ideally:

xhr.status == 200 || xhr.status == 201

[stof]

The code should probably even accept any successful status code (i.e. any 2xx)

[pl]

Heh, this issue really got lost. I will add 201 to supported codes in the next major release. IMHO, codes 202-206 don't look like appropriate responses to auth requests.

[pl]

I had deeper look at RFC 2616 and 201 is not a correct response either:

The request has been fulfilled and resulted in a new resource being created. The newly created resource can be referenced by the URI(s) returned in the entity of the response, with the most specific URI for the resource given by a Location header field.

We're not really creating a resource in the auth call, so it can't be referenced later.

Sorry for the confusion.