I have had users complaining today (and I verified on my own) that the previously working app fails to log in. The error message is "Empty AppID". Verifying via sniffing and the code itself, for the account/lookup.php method, I have never passed the AppID or a signature to the lookup account call, only gettoken calls. Nowhere in any of my notes do I have this, and everything just stopped working today. Please tell me this was a change on your end and that I am not insane?
I can see to fix I just need to use AppID and MD5(email+apptoken), but as you can see I have a lot of users of my app, and I don't have that code!
The documentation for the account/lookup.php API method has always indicated that you need to authenticate using an AppID and signature. We discovered a bug that was not enforcing this authentication. This was important to fix to help prevent dictionary attacks on user's passwords. How long do you think it will take for you to fix your code?
Ok, so I may be stupid, but at least I'm not crazy (at least for this issue).
My code is changed, as it was a very minor fix, but it's going to take Microsoft 5-10 days to get it to the Windows Phone Marketplace. Until then, all users of the Windows Phone app cannot login once they have logged out, and all new users are unable to log in.
I am sorry for the inconvenience. I have reverted it back, so it should be working again. The documentation clearly indicates the required authentication mechanism, but we should have been more cautious in fixing this bug. In the future, we will make more announcements about pending changes to the API that might cause backwards incompatibility. Please update your app with the necessary authentication and let us know when it is ready so that we can fix the bug for good.