For anyone else who has this problem, it is a mistake in how we're using this. When you initialize your token, pass in the site (with the http/https at the beginning):
consumer = OAuth::Consumer.new(app_id, app_secret,
{ :site => "https://" + Picasa.host,
:scheme => :header
})
then when you make a request, use only relative urls:
path = Picasa.path(options)
puts "Contacting: #{path}" # ==> Contacting: /data/feed/api/user/default?max-results=500&start-index=1&kind=photo&thumbsize
response = token.request(:get, path)
And it should all work great.
-Danny