I think I've discovered an OAuth Remote Action bug. The behavior I'm seeing is that when I navigate to a Visualforce page, using the oauth_token parameter to authenticate, the Visualforce page displays correctly but Remote Actions return an exception message:

Error parsing json response: 'syntax error'. Logged in?

To reproduce this error create a Visualforce page named OAuthRemoteActionBug and an Apex controller with the same name using the code below. Then, navigate to the OAuth Authorize URL below and cut and paste the access_token fragment out of the URL you are redirected to. Finally, visit the OAuthRemoteActionBug Visualforce page appending the access_token via the oauth_token parameter. The page will load correctly, but when you click the Remote Action button it will alert the exception message above.

<apex:page controller="OAuthRemoteActionBug" docType="html-5.0" showHeader="false" standardStylesheets="false" cache="false">
    <script type="text/javascript">
        function remoteAction() {
            OAuthRemoteActionBug.remoteAction(function(result, event){
                alert(event.message ? event.message : result);
            });
        }
    </script>
    <button onclick="remoteAction();">Remote Action</button>
</apex:page>

public class OAuthRemoteActionBug {
    @RemoteAction public static String remoteAction(){return 'Success';}
}

https://login.salesforce.com/services/oauth2/authorize?response_type=token&client_id=3MVG9CVKiXR7Ri5pPDk3EWdsKKhkS4hshTAY6gyUDVYzhINx7LlRpuzprA5.gEcZ3zQlVO72JZiP4rZgSp4vx&redirect_uri=OAuthRemoteActionBug://&scope=visualforce

oauthremoteactionbug://#access_token=[access_token]

OAuthRemoteActionBug?oauth_token=[access_token]

Attribution to: mjgallag

Possible Suggestion/Solution #1

Visualforce Remoting in Summer '13 has better support for OAuth. See link below for details. Blog and examples to soon follow.

OAuth 2.0 Authentication for JavaScript Remoting

Attribution to: cwall

Possible Suggestion/Solution #2

The oauth_token parameter method DOESN'T set the sid session cookie that Remote Actions need to function properly.

The frontdoor.jsp method DOES set the sid session cookie that Remote Actions need to function properly.

The Mobile SDK uses the frontdoor.jsp method, see SFHybridApp.js line 247.

It's important to note that a visualforce scoped oauth access token will not work with frontdoor.jsp, it needs to be web scoped. I'm guessing this is why the Mobile SDK switched from using visualforce to web, see commit Changing default scope from visualforce to web.

Though I found the oauth_token method on a developerforce blog post "append the OAuth access token to a VF URL and direct users to it (for e.g. ‘https://c.cs0.visual.force.com/apex/HelloWorld?oauth_token=’)" and the frontdoor.jsp method is used in the Mobile SDK it seems neither of them are official supported "No, there's no supported equivalent of frontdoor.jsp yet. – superfell Jan 3 at 23:23".

Attribution to: mjgallag
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/4112