0

I developed an Apps Script Web App that uses some Google Apis (drive, calendar, etc.).

I wrote Terms and Privacy Policy and requested Google to approve it, and they keep bugging me that I need to remove, from "Authorized Javascript origins", anything that is not hosted on my real TLD's (own domains).

The problem is I need to put on the authorized origins some https://n-blablabla-0lu-script.googleusercontent.com URL's, because those are the origins of the Apps Script itself, where the LOGIN button is.

Basically when someone enters my app, if it is not yet logged in, I show in the app itself a Login button, and once the user logs in, I request the permissions. This is pretty common, and since the Apps Script runs in google platform, it has google on its URL/origin.

I spent ~2 weeks with Google Support trying to explain them that I cant remove those authorized origins of https://n-blablabla-0lu-script.googleusercontent.com, otherwise, I do get this:

idpiframe_initialization_failed: Not a valid origin for the client The Google Sign-in library requires that the domain registered in the Google Developers Console matches the domain being used to host the web page. Ensure that the origin you registered matches the URL in the browser.

the Web App is embedded on a Google Sites (new) iframe

TheMaster
  • 45,448
  • 6
  • 62
  • 85
Patricio Stegmann
  • 43
  • 6
  • Have you tried using "https://script.google.com" in JavaScript origins? ā€“ Aerials Jul 24 '20 at 14:41
  • 1
    How is this a on-topic question? Do you expect us to explain to you how you should explain other departments? Consider posting to https://workplace.stackexchange.com/ If you put your own login in [tag:gas-web-app], you need that origin and probably [a couple more too](https://stackoverflow.com/questions/56862586) ā€“ TheMaster Jul 24 '20 at 15:11
  • Iā€™m voting to close this question because it is not a programming question. ā€“ TheMaster Jul 24 '20 at 15:13

0 Answers0