Google Apps Script does not allow access in Google Workspace
I have published a Google Apps Script as a web app. Because the URL is not so nice, I have included the script in an iframe on a site with a nicer URL. I have included the corresponding option so that it works at all. Now this web app should only be accessible within the Google Workspace (formerly known as GSuite) I am working in. This setting can be done when publishing the Web App. The problem is, however, that some users (by far not all users!) in our Google Workspace cannot access the Google Apps Script that way. There is a error message saying that Google prohibits the connection.
It seems like the authenticiation does not work "through the iframe". Interestingly, the problem only arises when
- the script is embedded in an iframe (the direct script URL by Google works for the users)
- the script is restricted to the Google workspace.
- Chrome is used (the issue does not happen with Firefox)
It is remarkable that for most users in our Google Workspace the issue does not appear. We had similar problems when including the script on a Google site (which, in the end, is also just an iframe), but with less users experiencing the issue. I have already made sure that the users are only logged in with their Google Workspace account (no other account which has no permission). In Inkognito mode the same happens.
Can someone explain this behaviour? And how to fix that (without changing the framework)?
I have been in contact with the Google support. If I remember correctly, this kind of authentication will be deprecated and should now be done with other tools, for example Google's Firebase Auth.