NAME
    gcloud auth application-default login - acquire new user credentials to use
        for Application Default Credentials

SYNOPSIS
    gcloud auth application-default login [--no-browser]
        [--client-id-file=CLIENT_ID_FILE] [--disable-quota-project]
        [--no-launch-browser] [--scopes=SCOPES,[SCOPES,...]]
        [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    Obtains user access credentials via a web flow and puts them in the
    well-known location for Application Default Credentials (ADC).

    This command is useful when you are developing code that would normally use
    a service account but need to run the code in a local development
    environment where it's easier to provide user credentials. The credentials
    will apply to all API calls that make use of the Application Default
    Credentials client library. Do not set the GOOGLE_APPLICATION_CREDENTIALS
    environment variable if you want to use the credentials generated by this
    command in your local development. This command tries to find a quota
    project from gcloud's context and write it to ADC so that Google client
    libraries can use it for billing and quota. Alternatively, you can use the
    --client-id-file flag. In this case, the project owning the client id will
    be used for billing and quota. You can create the client-id-file at
    https://console.cloud.google.com/apis/credentials.

    This command has no effect on the user account(s) set up by the gcloud auth
    login command.

    Any credentials previously generated by gcloud auth application-default
    login will be overwritten.

EXAMPLES
    If you want your local application to temporarily use your own user
    credentials for API access, run:

        $ gcloud auth application-default login

    If you'd like to login by passing in a file containing your own client id,
    run:

        $ gcloud auth application-default login \
            --client-id-file=clientid.json

FLAGS
     --no-browser
        Use this flag to authenticate client libraries on a machine without a
        web browser.

     --client-id-file=CLIENT_ID_FILE
        A file containing your own client id to use to login. If
        --client-id-file is specified, the quota project will not be written to
        ADC.

     --disable-quota-project
        By default, the project in billing/quota_project or core/project will
        be written to application default credentials (ADC) as the quota
        project. When both are set, billing/quota_project takes precedence. You
        can use --billing-project to overwrite the value in
        billing/quota_project. Similarly, you can use --project to overwrite
        the value in core/project. Client libraries will send it to services
        and use it for quota and billing. To be able to use a project as the
        quota project, the account in ADC must have the
        serviceusage.services.use permission on the project. This permission is
        granted to the project editor and project owner. You can create custom
        roles to include this permission.

        Note that some cloud services may ignore this quota project and still
        bill the project owning the resources.

        In the following situations, you may use this flag to skip setting the
        quota project:

        ◆ The account in ADC cannot be granted the project editor or owner
          role or any role with the serviceusage.services.use permission.
        ◆ You always want to bill the project owning the resources.

     --launch-browser
        (DEPRECATED) Launch a browser for authorization. If not enabled or if
        it is not possible to launch a browser, prints a URL to standard output
        to be copied.

        The --[no-]launch-browser flags are deprecated and will be removed in
        version 383.0.0 (04/26/2022). Use --no-browser to replace
        --no-launch-browser. Enabled by default, use --no-launch-browser to
        disable.

     --scopes=SCOPES,[SCOPES,...]
        The names of the scopes to authorize for. By default openid,
        https://www.googleapis.com/auth/userinfo.email,
        https://www.googleapis.com/auth/cloud-platform scopes are used. The
        list of possible scopes can be found at:
        https://developers.google.com/identity/protocols/googlescopes.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    This variant is also available:

        $ gcloud beta auth application-default login

