Difference between "gcloud auth application-default login" and "gcloud auth login"

Question

What is the difference between gcloud auth application-default login vs gcloud auth login?

Despite the definitions below, it is still hard to differentiate them.

gcloud auth application-default login :

• acquire new user credentials to use for Application Default Credentials

gcloud auth login :

• authorize gcloud to access the Cloud Platform with Google user credentials

When should I use one over the other?

Answer 1

The difference is the use cases:

As a developer, I want to interact with GCP via gcloud.
gcloud auth login
This obtains your credentials and stores them in ~/.config/gcloud/. Now you can run gcloud commands from your terminal and it will find your credentials automatically. Any code/SDK will not automatically pick up your creds in this case.

Reference: https://cloud.google.com/sdk/gcloud/reference/auth/login

As a developer, I want my code to interact with GCP via SDK.
gcloud auth application-default login
This obtains your credentials via a web flow and stores them in 'the well-known location for Application Default Credentials'. Now any code/SDK you run will be able to find the credentials automatically. This is a good stand-in when you want to locally test code which would normally run on a server and use a server-side credentials file.

Reference: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login

Edit (09/19/2019):
As Kent contributed in his comment below, 'the well-known location for Application Default Credentials' is a file named application_default_credentials.json located in your local ~/.config/gcloud/ directory. I've added an additional link below to an article by Theodore Sui and Daniel De Leo which goes into greater detail about the different authentication methods.

Article: https://medium.com/google-cloud/local-remote-authentication-with-google-cloud-platform-afe3aa017b95