Unexpected 403s for /userinfo (OAuth)


As of today our OAuth application (HSReplay) is seeing 403s as part of the login process for all users, specifically when retrieving the /userinfo endpoint. We’re using a standard Python OAuth library (django-allauth) and have not made any changes recently.

We’ve sporadically seen something like this in the past, although not in the recent month. Today it’s been going on since early 5am UTC and there’s no sign of it stopping, outside of a short thirty minute window around 5pm UTC when everything was working again.

The 403s are not the usual JSON format and there’s no error code or similar involved - they like they’re from a firewall:

<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n</body>\r\n</html>\r\n

Is there some kind of known failure on the Battle.net side? Is there something else we should be doing?