Hello,
I’m seeing a consistent failure when embedding an AI Applications widget into Google Sites and into an Apps Script web app.
What fails
When a user clicks the widget search bar, the widget calls:
https://content-eu-discoveryengine.googleapis.com/v1alpha/locations/eu/lookupWidgetConfig
and gets:
{
"error": {
"code": 403,
"message": "Access Denied.",
"status": "PERMISSION_DENIED"
}
}
The UI shows: “Configuration is not authorized on ‘’.”
The <host> is dynamic, e.g.:
- Google Sites:
NNNNNNNN-atari-embeds.googleusercontent.com(numeric prefix changes) - Apps Script:
n-...-script.googleusercontent.com
Comparison with a working app
I have another AI Application widget in the same organization that embeds into Google Sites successfully. * Its Integration allowed domains are minimal: only googleusercontent.com and sites.google.com .
- It works without any “Configuration is not authorized…” errors.
- The non-working app is configured similarly (same “Search with follow-ups” style and similar settings). The main difference is that the failing app uses Google Drive connected data stores (Drive connector).
I also attempted adding more domains to the failing app (including googleusercontent.com , atari-embeds.googleusercontent.com , sites.google.com , script.google.com , drive.google.com , etc.). Changes were saved and I waited (per the UI note), but the error persists.
Questions
- Are these dynamic googleusercontent embed hosts (e.g.,
NNNNNNNN-atari-embeds.googleusercontent.com,n-…-script.googleusercontent.com) expected/supported for widget embedding? If yes, what exact domain(s) should be allowlisted so it works reliably? - Is there any known limitation/bug where widgets backed by Google Drive connected data stores fail
lookupWidgetConfigauthorization (403) when embedded, while non-Drive apps work?
Happy to share additional details or screenshots if needed. I must be missing something.
Thanks for your time!