When using OAuth2 App-ID authentication with ArcGIS Online Applications, it is worth noting that the Feature Services being consumed by the application must be owned by the application author (the creator of the token). If the Feature Services are not owned by the application author, or are only shared to the application author, the user will receive the following error:

"You do not have permissions to access this resource or perform this operation."

Therefore, all feature services within the application must be owned by the application author.

It is possible to change the ownership of a feature service within ArcGIS Online by following the instructions in the following documentation: http://resources.arcgis.com/en/help/arcgisonline/index.html#/Managing_items/010q0000004w000000/