Sorry I missed this question. Can you please tell me which language you are writing your system in?
The reason I ask is that getting OAuth right is tricky, and even if it appears to be working, may leave you open to various cryptographic attacks. The best bet is to use one of the client libraries we supply with our APIs. This has the advantage that you get to code against domain level representations, instead of raw URL params.
Hey everyone, I'm not real familiar with JSON and the Google API system, so bear with me please. I have no problem sending the user to the Google Auth page and getting an access_token returned, I am also able to send a request for tokeninfo and get a JSON response and verify that my client ID matches the audience; however, when I attempt to get a get a list of blogs from the user I get a 403 (Forbidden) response from Google.