Airflow Summit 2023
Join the Airflow community on September 19—21 during the Airflow Summit 2023 conference to learn more about Airflow and share your expertise. You can register here for the summit. Make sure to check out the Lineage and Disaster Recovery workshop from our Composer experts!

Cloud Composer authentication overview

Cloud Composer 1 | Cloud Composer 2

This page provides authentication information for Cloud Composer.

Supported authentication methods

Cloud Composer supports the following authentication methods.

Service accounts

Service accounts are recommended for almost all use cases, whether you are developing locally or in a production application.

For more information about setting up authentication with a production application, see Setting Up Authentication for Server-to-Server Production Applications.

User accounts

When the application needs to access resources on behalf of an end user, you can authenticate users directly to your application. For most use cases, we recommend using a service account instead.

If your application uses end user authentication, you need to specify OAuth scopes when making a method call. See Cloud Composer Reference for per-method OAuth scopes.

For more information about setting up authentication with user accounts, see Authenticating as an End User.

Access control

Roles limit an authenticated identity's ability to access resources. When building a production application, only grant an identity the permissions it needs to interact with applicable Google Cloud APIs, features, or resources.

For more information about these roles, see Cloud Composer Access Control.

What's next

To learn more about Google Cloud authentication, see the Authentication Guide.