Identity-Aware Proxy Authorization Error 403 org_internal


I have a Python Streamlit app hosted in GCP via App Engine. Following this tutorial, I added an Identity-Aware Proxy to secure the app.

The IAP is activated and the OAuth consent screen is set to internal. In the IAP settings, I added myself and a fellow, both with the "IAP-secured Web App User" role.

While I can access the app after logging in with my associated Google account, he gets an "Error 403: org_internal" error when logging in with his associated Google account.

What I already tried:

  • Setting the OAuth consent screen to external (test mode) and adding both of us
  • Adding him to our GCP organization

Neither approach worked. He just can't access the app at all. Any ideas what I am doing wrong?
