I have a desktop Java application that communicates with a GAE server. The client application signs in to the server using OAuth 1.0 with signpost via the provided endpoints (appname.appengine.com/_ah/OAuthGetAccessToken and the like) with consumerkey and consumersecret set to "anonymous" and scope set to the GAE domain. The login process appears to be working fine:
At this point, I have a seemingly valid token and token secret. If I use these to sign a request to the GAE server, I get an OAuthRequestException when identifying the user:
OAuthService oauthService = OAuthServiceFactory.getOAuthService();
try {
user = oauthService.getCurrentUser();
if (user != null) {
ri.userName = user.getEmail();
}
} catch (OAuthRequestException t) {
t.printStackTrace();
}
This used to work fine until this morning. I am using a modified version of the Chrome to Phone GAE backend. I noticed that Chrome to Phone is having the same issue: I cannot login to the service anymore, so I don't believe this is an error on the client side. Logins don't show up in the Google Connected Sites, Apps, and Services console. Here is a link to the affected line in Chrome to Phone's GAE service: Chrome2Phone affected source.
I already tried registering the application in the Google API console and provided comsumer key and secret, with the same result.
This isn't exactly an answer, but I'm seeing the same new behavior on a python app engine app using the built-in oauth provider libs (google.appengine.api.oauth). Existing saved tokens continue to work, but requesting a new token and then using it to call a protected service results in a InvalidOAuthTokenError. This is with unchanged consumer and provider code that worked flawlessly until last night (approximately midnight CST).