ADC Authentication

[thoughtfuldata]

I know this has been somewhat asked before but the related answers are quite old and some of the solutions no longer apply (i.e Google Drive API is no longer required)

How would this work with local Application Default Credentials(ADC) during development? ( i.e using gcloud auth application-default login).

from google.auth import default
creds, _ = default()
gc = gspread.authorize(creds)

print(type(creds))

I get "google.oauth2.credentials.Credentials" for the type

In deployment, I use a service account.

As a note: with GCSFS when using cloud storage this just works, trying to see what I'm doing wrong here.

Also, I have already tried using the service

gc = gspread.service_account(filename="./*.json")

and everything works

[lavigne958]

Hi thank you for this proposal, I recently looked into the default() function provided by Google auth package I wondered if it works.

It's great you confirm it does !

So far we could add some mention in the documentation and the main readme. So users can benefit from this setup.

Later this year I wish we could have this function as the default way of getting credentials.

[thoughtfuldata]

@lavigne958 Actually, all a user needs to do is add the correct scope

DEFAULT_SCOPES = [
    "https://www.googleapis.com/auth/spreadsheets",
]
# Authenticate using ADC
creds, _ = google.auth.default(scopes=DEFAULT_SCOPES)  

and it works.

On the package side, gspread could assume the user uses ADC authentication( and that account has proper permissions) if a credentials.json isn't passed. This would cover most cases as Google recommends ADC authentication. This is similar to what GCSFS does. You can look at their docs GCSFS docs here and in the credentials section is where they explained their logic.