It seems that you have published your Web App as:
Execute the app as: ME
Who has access to the app:Anyone
There is also the option of: Who has access to the app: Anyone, even anonymous
If you are using the option of Who has access to the app:Anyone
Then your users still need to sign in.
If the app is running as:
Execute the app as: ME
Then the Web App can't access the users account.
Are your users getting the message:
This application was created by another user, not by Google.
You can submit your project, through the Google Cloud Platform, for verification. But you need to consider the costs and benefits of going through that process.
I believe that the msg:
This application was created by another user, not by Google.
is still being displayed for unverified projects, even if you are the only person using the web app, in your account.
I think that you might be able to avoid having that message displayed if you embed your web app into a Google Site. You could try that.
If you want to avoid any warning messages from Google, and because your web app is for public use, you would need have a "standard" GCP project associated with the Apps Script project, and be verified for the OAuth scopes.
But going through the verification process could be a lot of time and effort. Your decision to go through the verification process may depend on how annoying the:
This application was created by another user, not by Google.
message is to you or your users.