App Engine deployment shows unauthorized configuration error for Vertex AI search widget

SilentSailing34 · June 7, 2025, 3:07pm

I’m working on a Flask application that uses Vertex AI Agent Builder for search functionality and I want to host it on Google App Engine. Everything seems to work fine locally but when I deploy to App Engine I get an authorization error.

My Flask application structure:

server.py

from flask import Flask, render_template
import os

web_app = Flask(__name__)

@web_app.route("/", methods=['GET', 'POST'])
def home_page():
    return render_template("search.html")

if __name__ == '__main__':
    web_app.run(host="0.0.0.0", port=int(os.environ.get("PORT", 8080)), debug=True)

search.html

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <title>Company Search Portal</title>
  </head>
  <body>
    <h1>Internal Document Search</h1>
    <script src="https://cloud.google.com/ai/gen-app-builder/client?hl=en_US"></script>
    
    <gen-search-widget
      configId="12b34567-yyyy-yyyy-yyyy-yyyy89b6yyyy"
      triggerId="openSearchWidget">
    </gen-search-widget>
    
    <input placeholder="Enter your search query" id="openSearchWidget" />
  </body>
</html>

app.yaml

runtime: python39

When I click the search input field, it opens the Vertex AI search interface but displays this error message:

Configuration is not authorized on “my-project.uc.r.appspot.com”

The search widget works perfectly when testing locally. Has anyone encountered this authorization issue when deploying Vertex AI search components to App Engine? What configuration steps am I missing?

SurfingWave · June 19, 2025, 6:07am

I ran into this exact same problem last month when deploying my search app. The issue is that Vertex AI Agent Builder has security restrictions on which domains can load the search widget. Your App Engine domain needs to be explicitly authorized in the search configuration. Go to the Google Cloud Console, navigate to Agent Builder, find your search app configuration, and look for the ‘Website restrictions’ or ‘Allowed domains’ section. Add your complete App Engine URL including the appspot.com domain. Make sure you include both HTTP and HTTPS protocols if your app supports both. After updating the domain settings, it can take a few minutes to propagate. I had to wait about 10-15 minutes before the authorization started working properly on my deployed version.

Alice45 · June 16, 2025, 10:41pm

sounds like a domain whitelist issue tbh. you need to add your appengine domain to the allowed origins in vertex ai console. go to your search config settings and add the full appspot.com url there, should fix the auth error right away.

zoea · June 14, 2025, 7:48pm

Yeah, you’re hitting a classic domain authorization wall. Been there multiple times when moving from local dev to production.

The quick fix is adding your App Engine domain to the allowed origins, but here’s what I learned from dealing with this stuff - you actually want to add a few variations of your domain to avoid headaches later.

Add these to your Vertex AI search config:

https://my-project.uc.r.appspot.com
https://my-project.uc.r.appspot.com/
Your custom domain if you have one

One thing that caught me off guard before - if you’re using different service versions on App Engine, each gets its own subdomain like version-dot-my-project.uc.r.appspot.com. Add those too if you deploy to non-default versions.

Also double check your configId in the widget matches exactly what you see in the Agent Builder console. Sometimes copying from the URL vs the config panel gives you slightly different IDs.

This tutorial covers the domain setup process pretty well if you need a visual walkthrough:

Usually takes 5-10 minutes for the changes to kick in after you save them.