Hi Mihai,
I was under the impression that some calls return a 401, but others, like the atom feed for a reading list, will return a 302 and redirect to the login page. That is not the case anymore?
Currently I don't store the google password on the device and as it was never expired this was convenient and "secure" at the same time ;-) Now, with the recent change it might become inconvenient not to store the password.
I'd like to take this as the trigger to think about adopting the Android 2.0 accounts framework. It would be much safer anyway, if I don't get my hands on the password anymore. Consider what will happen if a NewsRob users gets his identity stolen? I am in a bad situation then. The new accounts framework is a Google provided way to deal with all kinds of authentications, one of them Google authentications, in a safe way.
I am able to use it to authenticate for Google Apps, but unfortunately the authToken I get looks and feels like a SID I get from ClientLogin, but doesn't work with Google Reader. I always get a 30x.
There is no documentation on how to use this framework with Google and no working sample code. I am wondering if you have an idea where to go from here? Anybody I can annoy with my questions and failing sample code?
Btw. word on the street is that the auth-domain should be "ah", which works up to the point to get an auth token, whereby other domains just throw an error. Any other string I could try?