I'm trying to access Google Prediction API from App Engine and following instructions here -- https://developers.google.com/appengine/articles/prediction_service_accounts

This works great when deployed on App Engine. The same code, however, fails with the following error on the local devserver.

credentials = AppAssertionCredentials(
              scope='https://www.googleapis.com/auth/prediction')
http = credentials.authorize(httplib2.Http(memcache))
service = build("prediction", "v1.5", http=http, developerKey=api_key)

ERROR    2012-12-28 03:48:53,084 client.py:461] Failed to retrieve access token: {
  "error" : "invalid_grant"
}
ERROR    2012-12-28 03:48:53,115 cgi.py:121] Traceback (most recent call last):
  File "/Users/gkedia/git/thirdgaze/main.py", line 83, in <module>
    service = build('prediction', 'v1.5', http=http, developerKey=api_key)
  File "/Users/gkedia/git/thirdgaze/apiclient/discovery.py", line 175, in build
    resp, content = http.request(requested_url)
  File "/Users/gkedia/git/thirdgaze/oauth2client/client.py", line 503, in new_request
    self._refresh(request_orig)
  File "/Users/gkedia/git/thirdgaze/oauth2client/client.py", line 412, in _refresh
    self._do_refresh_request(http_request)
  File "/Users/gkedia/git/thirdgaze/oauth2client/client.py", line 472, in _do_refresh_request
    raise AccessTokenRefreshError(error_msg)
AccessTokenRefreshError: invalid_grant

One of the things I noticed was for the exact same parameters, key_name, signature = app_identity.sign_blob(base_str) returns different signature in production and on local machine.

My computer's time is sync'ed correctly and offline_access parameter doesn't seem to be involved yet.