I have a published Google Sheets add-on that makes use of the Session.getActiveUser().getEmail() function to validate the user's subscription on startup. However, I've identified a situation where it returns blank instead of the user's email.
If the user who created the spreadsheet that the add-on is being used in shares it with someone who is not in their domain, it will return blank for that user. It only occurs in the instance where Session.getActiveUser().getEmail() is called in an installed onOpen trigger. Otherwise it will return the users email regardless of whether they are the owner or in the same domain.
The OauthScope https://www.googleapis.com/auth/userinfo.email is being used so there isn't an issue there on top of the fact it runs fine everywhere but the installed onOpen trigger.
The documentation says that it will return blank "If security policies do not allow access to the user's identity" but I'm not sure where the security policy is that would be preventing it. I could understand if a spreadsheet made my someone outside of a domain is requesting the email of someone inside a domain (a user the sheet was shared with). But this is the other way around.
Any ideas if there is a way around this? Or is it just an authorization problem that can't be fixed where installed onOpen triggers don't have access to that?
EDIT 1:
This answer points out how it needs to be running Authmode.FULL to access that information. However, the add-on has already been enabled by the user and it's an installable trigger which from my understanding of the documentation runs in Authmode.FULL.
EDIT 2:
I just modified my installable on open trigger to log the auth mode when it runs and it show that it is running in FULL
