What is the difference between gcloud auth application-default login
vs gcloud auth login
?
Despite the definitions below, it is still hard to differentiate them.
gcloud auth application-default login :
acquire new user credentials to use for Application Default Credentials
gcloud auth login :
authorize gcloud to access the Cloud Platform with Google user credentials
When should I use one over the other?
The difference is the use cases:
As a developer, I want to interact with GCP via gcloud.
gcloud auth login
This obtains your credentials and stores them in ~/.config/gcloud/
. Now you can run gcloud
commands from your terminal and it will find your credentials automatically. Any code/SDK will not automatically pick up your creds in this case.
Reference: https://cloud.google.com/sdk/gcloud/reference/auth/login
As a developer, I want my code to interact with GCP via SDK.
gcloud auth application-default login
This obtains your credentials via a web flow and stores them in 'the well-known location for Application Default Credentials'. Now any code/SDK you run will be able to find the credentials automatically. This is a good stand-in when you want to locally test code which would normally run on a server and use a server-side credentials file.
Reference: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
Edit (09/19/2019):
As Kent contributed in his comment below, 'the well-known location for Application Default Credentials' is a file named application_default_credentials.json
located in your local ~/.config/gcloud/
directory. I've added an additional link below to an article by Theodore Sui and Daniel De Leo which goes into greater detail about the difference authentication methods.
Article: https://medium.com/google-cloud/local-remote-authentication-with-google-cloud-platform-afe3aa017b95