Issue

I used the sample app from the repo
https://github.com/googleworkspace/apps-script-oauth2/tree/main/samples/WebApp
Deployed with a config that "my user" is the executor and published to "Anyone".

I removed the code that the email getter from the Session.

And it's working without any issues with my active Google account session. But when I try with a browser that doesn't have a Google account's active session usercallback endpoint is redirecting to the Google Login page as follows.

Expected behaviour

If the App Script is deployed to "Anyone", the usercallback endpoint must not check the Google Account.