stackoom
  简体   繁体   中英

Difference between "gcloud auth application-default login" and "gcloud auth login"

 原文  2018-11-14 17:53:07       google-cloud-platform/ gcloud

Question

What is the difference between gcloud auth application-default login vs gcloud auth login ?

Despite the definitions below, it is still hard to differentiate them.

gcloud auth application-default login :

  • acquire new user credentials to use for Application Default Credentials

gcloud auth login :

  • authorize gcloud to access the Cloud Platform with Google user credentials

When should I use one over the other?

2 answers

solution1
 55 ACCPTED  2018-11-14 19:29:16

The difference is the use cases:

As a developer, I want to interact with GCP via gcloud.
gcloud auth login
This obtains your credentials and stores them in ~/.config/gcloud/ . Now you can run gcloud commands from your terminal and it will find your credentials automatically. Any code/SDK will not automatically pick up your creds in this case.

Reference: https://cloud.google.com/sdk/gcloud/reference/auth/login

As a developer, I want my code to interact with GCP via SDK.
gcloud auth application-default login
This obtains your credentials via a web flow and stores them in 'the well-known location for Application Default Credentials' . Now any code/SDK you run will be able to find the credentials automatically. This is a good stand-in when you want to locally test code which would normally run on a server and use a server-side credentials file.

Reference: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login

Edit (09/19/2019):
As Kent contributed in his comment below, 'the well-known location for Application Default Credentials' is a file named application_default_credentials.json located in your local ~/.config/gcloud/ directory. I've added an additional link below to an article by Theodore Sui and Daniel De Leo which goes into greater detail about the different authentication methods.

Article: https://medium.com/google-cloud/local-remote-authentication-with-google-cloud-platform-afe3aa017b95

solution2
 9  2019-06-24 15:24:14

I'm adding this as an answer because I don't have the reputation to comment. I think @Himal's answer is spot on but I'd like to clarify that when it says code/SDK, we should think code or Language (Java/Ruby/Python) SDK v/s the gcloud SDK (which is also referred to as Cloud SDK). This confused me a bit because I had the same doubts

So, gcloud auth login -> Login to gcloud SDK

gcloud auth application-default login -> Login to any code running on the computer (language SDK's within an application)

There is also a give-away in the OAuth authentication screen in the browser windows that open up:

gcloud auth login asks you to choose an account to continue to give access to 'google cloud sdk'.

gcloud auth application-default login asks you to give access to google auth library instead.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Authorizing client libraries without access to a web browser - gcloud auth application-default login How to run this command gcloud auth application-default login inside bitbucket pipelines? Is there an gcloud auth application-default print-access-token equivalent in C#? gcloud auth application-default print-access-token gives file not found error gcloud auth application-default print-access-token error: “invalid_grant: Bad Request” Can I automate `gcloud auth login`? Create cred.json file using gcloud auth login gcloud auth login does not update/identify my active account correctly Difference between gcloud auth activate-service-account --key-file and GOOGLE_APPLICATION_CREDENTIALS Whoami doesn't change in GCP after I run gcloud auth login
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM