I have a web app that uses Google Identity Services and using the example for implicit flow at https://developers.google.com/identity/oauth2/web/guides/migration-to-gis#gis-only I was able to successfully able to do the integration. Initially I set up the OAuth consent form for internal users and now I am trying to expand it to external users (the app is not published and is currently in test mode with test users added). I have a Google Sheets document shared from Org 1 to Org 2. The web app along with OAuth consent belongs to Org 1. The test user belongs to Org 2 with whom the document is shared. When this Org 2 user uses the app and authenticates and provides consent, trying to download the sheets doc gives 401 (Unauthorized) error. Note that the user was able to view the shared document using the normal browser flow.
Is there anything more needed to support external users?
