This page describes authentication information for Cloud Composer.
Supported authentication methods
Cloud Composer supports the following authentication methods.
Service accounts are recommended for almost all use cases, whether you are developing locally or in a production application.
For more information about setting up authentication with a production application, see Setting Up Authentication for Server-to-Server Production Applications.
When the application needs to access resources on behalf of an end user, you can authenticate users directly to your application. For most use cases, we recommend using a service account instead.
If your application uses end user authentication, you need to specify OAuth scopes when making a method call. See Cloud Composer Reference for per-method OAuth scopes.
For more information about setting up authentication with user accounts, see Authenticating as an End User.
Roles limit an authenticated identity's ability to access resources. When building a production application, only grant an identity the permissions it needs to interact with applicable Google Cloud Platform APIs, features, or resources.
For more information about these roles, see Cloud Composer Access Control.
To learn more about GCP authentication, see the Authentication Guide.