Originally posted to the Google Cloud Platform blog
When you write applications that run on Google Compute Engine instances, you might want to connect them to Google Cloud Storage, Google BigQuery, and other Google Cloud Platform services. Those services use OAuth2, the global standard for authorization, to help ensure that only the right callers can make the right calls. Unfortunately, OAuth2 has traditionally been hard to use. It often requires specialized knowledge and a lot of boilerplate auth setup code just to make an initial API call.
Today, with Application Default Credentials (ADC), we're making things easier. In many cases, all you need is a single line of auth code in your app:
Credential credential = GoogleCredential.getApplicationDefault();
If you're not already familiar with auth concepts, including 2LO, 3LO, and service accounts, you may find this introduction useful.
ADC takes all that complexity and packages it behind a single API call. Under the hood, it makes use of:
You can find more about Google Application Default Credentials here. This is available for Java, Python, Node.js, Ruby, and Go. Libraries for PHP and .Net are in development.