
I have a Python Streamlit app hosted in GCP via App Engine. Following this tutorial, I added an Identity-Aware Proxy to secure the app.

The IAP is activated and the OAuth consent screen is set to internal. In the IAP settings, I added myself and a fellow, both with the "IAP-secured Web App User" role.

While I can access the app after logging in with my associated Google account, he gets an "Error 403: org_internal" error when logging in with his associated Google account.

What I already tried:

  • Setting the OAuth consent screen to external (test mode) and adding both of us
  • Adding him to our GCP organization

Neither approach worked. He just can't access the app after all. Any ideas what I am doing wrong?

winwin
  • Have you asked your friend to try incognito? Not sure, but it may be possible that they have two Google accounts logged in on their browser. – Dondi May 05 '21 at 07:38
  • We already tried to clear the cache by using `url/_gcp_iap/clear_login_cookie` and made sure to log in using the correct account. – winwin May 05 '21 at 12:49
  • Try checking your organization policies. I don't have tools to see your project details, so if you have a Free Trial or Paid support plan, I suggest using it and reaching out to a [support representative](https://cloud.google.com/support-hub) who can review your configs. – Dondi May 06 '21 at 08:43
