Well hm, one case of this is going to be a bit more difficult than I thought it was going to be :/
It turns out that we already send vaguely meaningful messages in plain text in the response body when a token is invalid for some reason. But xmlrpclib doesn't look at the response body at all when the response code is != 200 (contrary to the http rfc's suggestion, it turns out).
We can certainly give better messages when there is token but should be and when the token is for a user that does not have the magic permission bit set though.
Well hm, one case of this is going to be a bit more difficult than I thought it was going to be :/
It turns out that we already send vaguely meaningful messages in plain text in the response body when a token is invalid for some reason. But xmlrpclib doesn't look at the response body at all when the response code is != 200 (contrary to the http rfc's suggestion, it turns out).
We can certainly give better messages when there is token but should be and when the token is for a user that does not have the magic permission bit set though.