In T594 we have protected LibreTime with an HTTP Auth using an Apache frontend but this caused the unintentionally protection of all LibreTime widgets under the /embed base URL.
This is a nasty behavior because now a widget is embedded in the website causing the OAuth popup to visitors and consequent failure:
We have not noticed this until today because this is what I was seeing. You know, "it works on my computer" because I'm already authenticated: