diff --git a/google/appengine.go b/google/appengine.go
index c6213d9..24ffad0 100644
--- a/google/appengine.go
+++ b/google/appengine.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build appengine,!appenginevm
+// +build appengine
 
 package google
 
@@ -20,7 +20,7 @@ import (
 // that involves user accounts, see oauth2.Config instead.
 //
 // You are required to provide a valid appengine.Context as context.
-func AppEngineTokenSource(ctx appengine.Context, scope ...string) oauth2.TokenSource {
+func AppEngineTokenSource(ctx oauth2.Context, scope ...string) oauth2.TokenSource {
 	return &appEngineTokenSource{
 		ctx:         ctx,
 		scopes:      scope,
diff --git a/google/appenginedoc.go b/google/appenginedoc.go
new file mode 100644
index 0000000..34dada8
--- /dev/null
+++ b/google/appenginedoc.go
@@ -0,0 +1,19 @@
+// Copyright 2015 The oauth2 Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !appengine,!appenginevm
+
+package google
+
+import "golang.org/x/oauth2"
+
+// AppEngineTokenSource returns a token source that fetches tokens
+// issued to the current App Engine application's service account.
+// If you are implementing a 3-legged OAuth 2.0 flow on App Engine
+// that involves user accounts, see oauth2.Config instead.
+//
+// You are required to provide a valid appengine.Context as context.
+func AppEngineTokenSource(ctx oauth2.Context, scope ...string) oauth2.TokenSource {
+	panic("You should only use an AppEngineTokenSource in an App Engine application.")
+}
diff --git a/google/appenginevm.go b/google/appenginevm.go
index 12af742..f31f0d3 100644
--- a/google/appenginevm.go
+++ b/google/appenginevm.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build appenginevm !appengine
+// +build appenginevm
 
 package google
 
@@ -19,7 +19,7 @@ import (
 // that involves user accounts, see oauth2.Config instead.
 //
 // You are required to provide a valid appengine.Context as context.
-func AppEngineTokenSource(ctx appengine.Context, scope ...string) oauth2.TokenSource {
+func AppEngineTokenSource(ctx oauth2.Context, scope ...string) oauth2.TokenSource {
 	return &appEngineTokenSource{
 		ctx:         ctx,
 		scopes:      scope,