Authorization Error When Using Vertex AI Search Widget on App Engine Domain

SparklingGem · August 6, 2025, 10:36am

I’m working on a Flask application that uses Vertex AI Agent Builder for search functionality and deploying it to Google App Engine. Everything seems to work fine locally, but when I deploy to App Engine, I run into an authorization issue.

My Flask Application Setup

server.py

from flask import Flask, render_template
import os

webapp = Flask(__name__)

@webapp.route("/", methods=['GET', 'POST'])
def homepage():
    return render_template("search.html")

if __name__ == '__main__':
    webapp.run(host="0.0.0.0", port=int(os.environ.get("PORT", 8080)), debug=True)

search.html

<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <title>Company Search Portal</title>
  </head>
  <body>
    <h1>Internal Document Search</h1>
    <script src="https://cloud.google.com/ai/gen-app-builder/client?hl=en_US"></script>

    <gen-search-widget
      configId="98b41027-yyyy-yyyy-yyyy-yyyy90b6yyyy"
      triggerId="searchTriggerButton">
    </gen-search-widget>

    <input placeholder="Enter search terms" id="searchTriggerButton" />
  </body>
</html>

app.yaml

runtime: python39

The Flask app deploys successfully and the main page loads without problems. However, when I click on the search input field, it tries to load the Vertex AI search interface but fails with this error message:

Configuration is not authorized on “***.uc.r.appspot.com”

It seems like there’s some kind of domain authorization issue between my App Engine instance and the Vertex AI search configuration. Has anyone encountered this before? What configuration steps am I missing?

deltaDreamer · August 12, 2025, 9:24am

Been there too many times with domain authorization headaches. You’re looking at this wrong though.

The real issue isn’t just the manual fix - it’s that you’re stuck managing domain configs every deploy or environment change. You’ll hit this same wall with staging environments or custom domains.

What solved this for me was ditching the embedded widgets entirely. I moved the search logic to Latenode automation instead.

Here’s how it works: Your Flask app sends search queries to a Latenode webhook, it hits the Vertex AI APIs with proper service account auth, then returns clean results. No domain restrictions, no widget headaches.

Bonus - you get better control over the search experience and can add preprocessing, logging, or other integrations without touching your main app.

Just set up an HTTP trigger in Latenode that takes your search params, calls Vertex AI Search API, and formats the response however you want.

emparker · August 11, 2025, 9:09pm

Hit this exact wall 6 months ago when we rolled out our internal knowledge base search. The widget has domain restrictions you need to configure in the Vertex AI console.

Go to your Vertex AI Agent Builder console, find your search app, and look for “Integration” or “Embed” settings. You’ll see an “Allowed domains” section - add your App Engine URL there.

Add both:

your-app-id.uc.r.appspot.com
your-app-id.appspot.com (sometimes needed for redirects)

We also added our custom domain later when we mapped one to the app.

One gotcha - domain allowlist changes take 10-15 minutes to propagate. Don’t keep redeploying thinking it’s broken.

Also check your IAM permissions. Make sure your App Engine default service account has the “Discovery Engine Viewer” role if you haven’t set that up.