Is app_identity.get_access_token supposed to work in development environment?

Question

I use this code to access Google APIs from my GAE app:

scope = "https://www.googleapis.com/auth/urlshortener"
authorization_token, _ = app_identity.get_access_token(scope)

It works well with production environment and doesn't work in development environment:

Using token InvalidToken:https://www.googleapis.com/auth/urlshortener:77.5780799389 to represent identity test@localhost
('Call failed. Status code %s. Body %s', 401L, '{\n "error": {\n  "errors": [\n   {\n    "domain": "global",\n    "reason": "authError",\n    "message": "Invalid Credentials",\n    "locationType": "header",\n    "location": "Authorization"\n   }\n  ],\n  "code": 401,\n  "message": "Invalid Credentials"\n }\n}\n')

Is there any workaround I could apply (but not implementing OAuth from scratch)?

Upd. Another approach to access Google APIs from development environment also doesn't work:

credentials = AppAssertionCredentials(scope='https://www.googleapis.com/auth/analytics.readonly')
http = credentials.authorize(httplib2.Http(memcache))
service = build('analytics', 'v3', http=http)
response = service.management().accounts().list().execute()
logging.info(response)

Answer 1

Actually, dev_appserver.py recently added some arguments to make appidentity work during local testing. See Unable to access BigQuery from local App Engine development server for details.

Answer 2

The reason it works on appspot.com is because it uses the automatically created App Engine service account. Since the service account is associated with the app engine instance on which it is running, it's authority can be guaranteed. When you are running locally, there is no service account - how can they know you are debugging your own app as opposed to anyone else's?

If you want to run your code locally, you will need to implement OAuth, which actually is only a few lines of code anyway.