mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-11 15:39:42 +00:00
107 lines
4.6 KiB
Bash
107 lines
4.6 KiB
Bash
NAME
|
|
gcloud auth application-default login - acquire new user credentials to use
|
|
for Application Default Credentials
|
|
|
|
SYNOPSIS
|
|
gcloud auth application-default login [--no-browser]
|
|
[--client-id-file=CLIENT_ID_FILE] [--disable-quota-project]
|
|
[--no-launch-browser] [--scopes=SCOPES,[SCOPES,...]]
|
|
[GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
Obtains user access credentials via a web flow and puts them in the
|
|
well-known location for Application Default Credentials (ADC).
|
|
|
|
This command is useful when you are developing code that would normally use
|
|
a service account but need to run the code in a local development
|
|
environment where it's easier to provide user credentials. The credentials
|
|
will apply to all API calls that make use of the Application Default
|
|
Credentials client library. Do not set the GOOGLE_APPLICATION_CREDENTIALS
|
|
environment variable if you want to use the credentials generated by this
|
|
command in your local development. This command tries to find a quota
|
|
project from gcloud's context and write it to ADC so that Google client
|
|
libraries can use it for billing and quota. Alternatively, you can use the
|
|
--client-id-file flag. In this case, the project owning the client id will
|
|
be used for billing and quota. You can create the client-id-file at
|
|
https://console.cloud.google.com/apis/credentials.
|
|
|
|
This command has no effect on the user account(s) set up by the gcloud auth
|
|
login command.
|
|
|
|
Any credentials previously generated by gcloud auth application-default
|
|
login will be overwritten.
|
|
|
|
EXAMPLES
|
|
If you want your local application to temporarily use your own user
|
|
credentials for API access, run:
|
|
|
|
$ gcloud auth application-default login
|
|
|
|
If you'd like to login by passing in a file containing your own client id,
|
|
run:
|
|
|
|
$ gcloud auth application-default login \
|
|
--client-id-file=clientid.json
|
|
|
|
FLAGS
|
|
--no-browser
|
|
Use this flag to authenticate client libraries on a machine without a
|
|
web browser.
|
|
|
|
--client-id-file=CLIENT_ID_FILE
|
|
A file containing your own client id to use to login. If
|
|
--client-id-file is specified, the quota project will not be written to
|
|
ADC.
|
|
|
|
--disable-quota-project
|
|
By default, the project in billing/quota_project or core/project will
|
|
be written to application default credentials (ADC) as the quota
|
|
project. When both are set, billing/quota_project takes precedence. You
|
|
can use --billing-project to overwrite the value in
|
|
billing/quota_project. Similarly, you can use --project to overwrite
|
|
the value in core/project. Client libraries will send it to services
|
|
and use it for quota and billing. To be able to use a project as the
|
|
quota project, the account in ADC must have the
|
|
serviceusage.services.use permission on the project. This permission is
|
|
granted to the project editor and project owner. You can create custom
|
|
roles to include this permission.
|
|
|
|
Note that some cloud services may ignore this quota project and still
|
|
bill the project owning the resources.
|
|
|
|
In the following situations, you may use this flag to skip setting the
|
|
quota project:
|
|
|
|
◆ The account in ADC cannot be granted the project editor or owner
|
|
role or any role with the serviceusage.services.use permission.
|
|
◆ You always want to bill the project owning the resources.
|
|
|
|
--launch-browser
|
|
(DEPRECATED) Launch a browser for authorization. If not enabled or if
|
|
it is not possible to launch a browser, prints a URL to standard output
|
|
to be copied.
|
|
|
|
The --[no-]launch-browser flags are deprecated and will be removed in
|
|
future updates. Use --no-browser to replace --no-launch-browser.
|
|
Enabled by default, use --no-launch-browser to disable.
|
|
|
|
--scopes=SCOPES,[SCOPES,...]
|
|
The names of the scopes to authorize for. By default openid,
|
|
https://www.googleapis.com/auth/userinfo.email,
|
|
https://www.googleapis.com/auth/cloud-platform scopes are used. The
|
|
list of possible scopes can be found at:
|
|
https://developers.google.com/identity/protocols/googlescopes.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
This variant is also available:
|
|
|
|
$ gcloud beta auth application-default login
|
|
|