问题
What is the difference between gcloud auth application-default login vs gcloud auth login?
Despite the definitions below, it is still hard to differentiate them.
gcloud auth application-default login - acquire new user credentials to use for Application Default Credentials
gcloud auth login - authorize gcloud to access the Cloud Platform with Google user credentials
When should I use one over the other?
回答1:
The difference is the use cases:
As a developer, I want to interact with GCP via gcloud.gcloud auth login
This obtains your credentials and stores them in ~/.config/gcloud/. Now you can run gcloud commands from your terminal and it will find your credentials automatically. Any code/SDK will not automatically pick up your creds in this case.
Reference: https://cloud.google.com/sdk/gcloud/reference/auth/login
As a developer, I want my code to interact with GCP via SDK.gcloud auth application-default login
This obtains your credentials via a web flow and stores them in 'the well-known location for Application Default Credentials'. Now any code/SDK you run will be able to find the credentials automatically. This is a good stand-in when you want to locally test code which would normally run on a server and use a server-side credentials file.
Reference: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
Edit (09/19/2019):
As Kent contributed in his comment below, 'the well-known location for Application Default Credentials' is a file named application_default_credentials.json located in your local ~/.config/gcloud/ directory. I've added an additional link below to an article by Theodore Sui and Daniel De Leo which goes into greater detail about the difference authentication methods.
Article: https://medium.com/google-cloud/local-remote-authentication-with-google-cloud-platform-afe3aa017b95
回答2:
I'm adding this as an answer because I don't have the reputation to comment. I think @Himal's answer is spot on but I'd like to clarify that when it says code/SDK, we should think code or Language (Java/Ruby/Python) SDK v/s the gcloud SDK (which is also referred to as Cloud SDK). This confused me a bit because I had the same doubts
So, gcloud auth login -> Login to gcloud SDK
gcloud auth application-default login -> Login to any code running on the computer (language SDK's within an application)
There is also a give-away in the OAuth authentication screen in the browser windows that open up:
gcloud auth login asks you to choose an account to continue to give access to 'google cloud sdk'.
gcloud auth application-default login asks you to give access to google auth library instead.
来源:https://stackoverflow.com/questions/53306131/difference-between-gcloud-auth-application-default-login-and-gcloud-auth-logi