I have a Python Streamlit app hosted in GCP via App Engine. Following this tutorial, I added an Idenity-Aware Proxy to secure the app.
The IAP is activated and the OAuth consent screen it set to internal. In the IAP settings, I added myself and a fellow both with the "IAP-secured Web App User"-role.
While I can access the app after login with my associated google account, he gets and "Error 403: org_internal" error when login within his associated google account.
What I already tried:
- Setting the OAuth consent screen to external (test mode) and added both of us
- Adding him to our GCP organization
None of both approached worked. He just can't access the app after all. Any ideas what I am doing wrong?