Why getActiveUser() goes quiet
Session.getActiveUser().getEmail() returns the email of the person currently running the script — but only under a specific condition: the user must be in the same Google Workspace domain as the script owner, and the script must be running in a context where Apps Script can verify their identity. Outside that narrow window, Google returns an empty string rather than throwing an error.
The frustrating part is that it silently fails. You call getEmail(), get back "", and there's no exception, no log warning, nothing. The first time I hit this I spent an hour checking OAuth scopes before realizing the form respondent was on a personal Gmail account, which is cross-domain by definition.
Three situations reliably produce a blank: a form respondent on a different domain (or any personal Gmail), an installable trigger running as the trigger owner rather than the viewer, and any script deployed as a web app with "Execute as me" where the caller's identity isn't passed through. The common thread is that Apps Script's identity model only surfaces the active user when it can guarantee the claim without leaking PII across org boundaries.