Authorisation with Custom Headers in auth.json #10165

Open
rlees85 opened this issue Oct 15, 2021 · 3 comments

rlees85 commented Oct 15, 2021

My composer.json:

{
    "config": {},
    "repositories": [{
        "type": "composer",
        "url": "https://secure.repo.url",
        "options":  {
            "http": {
                "header": [
                    "cf-access-token: <token>"
                ]
            }
        }
    }]
}

From the documentation here: https://getcomposer.org/doc/articles/authentication-for-private-packages.md#custom-token-authentication

It seems that there is no way to use this method of authentication securely. There is no way to define custom headers and tokens in auth.json. Additionally, repositories do not "merge" with the global composer file: so you cannot just define the secure repo in the project composer.json and then the authentication settings in the global one.

The only solution I have found so far is to not define the repository at all at the project level, which does not seem ideal.

Composer configuration also does not support environment variables.

I noticed there is also a bearer auth method, but it only works if the Authorization header is required.

It seems like there should be a way of specifying secure/secret headers in auth.json.

Seldaek added this to the Nice To Have milestone Oct 16, 2021

Radon8472 commented Apr 1, 2022

Auth for the newly changed GitHub API has the same issue: you need to provide an Authorization: token YOUR_TOKEN header, which currently seems to be impossible via auth.json.

Seldaek (Member) commented Apr 1, 2022

@Radon8472 this should be possible via the github-oauth config option tho. If you have auth configured there it should be picked up automatically by all composer code.

@Radon8472

> @Radon8472 this should be possible via the github-oauth config option tho. If you have auth configured there it should be picked up automatically by all composer code.

I don't know why, but last month it was not working; now it seems that something has changed on GitHub, and github-oauth is working again.
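
A CI or pre-commit check for the problem raised in this issue, as an added example (not part of the thread and not Composer's own code): it flags literal header values under `repositories[].options.http.header` in a composer.json. The function name, the header allowlist, the placeholder pattern and the sample token are assumptions constructed for illustration.

```python
import json
import re

# Assumption: header names considered non-secret; tune for your repositories.
BENIGN_HEADERS = {"accept", "accept-language", "user-agent"}
# Values such as <token> or ${TOKEN} are placeholders, not committed secrets.
PLACEHOLDER = re.compile(r"^(<[^<>]+>|\$\{?\w+\}?|)$")


def find_inline_header_secrets(composer_json_text):
    """Return (repo_url, header_name) for each literal header value found
    under repositories[].options.http.header. Values are never returned,
    so the finding can be logged in CI without leaking the token."""
    doc = json.loads(composer_json_text)
    repos = doc.get("repositories", [])
    if isinstance(repos, dict):  # Composer also accepts an object keyed by name
        repos = list(repos.values())
    findings = []
    for repo in repos:
        if not isinstance(repo, dict):  # e.g. "packagist.org": false
            continue
        http_opts = (repo.get("options") or {}).get("http") or {}
        headers = http_opts.get("header") or []
        if isinstance(headers, str):  # a single string of CRLF-separated headers
            headers = headers.split("\r\n")
        for line in headers:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name in BENIGN_HEADERS or PLACEHOLDER.match(value):
                continue
            findings.append((repo.get("url", "?"), name))
    return findings


# Constructed sample: same shape as the composer.json in the issue, with a
# made-up token value in place of the <token> placeholder.
SAMPLE = """
{
  "repositories": [
    {"type": "composer", "url": "https://secure.repo.url",
     "options": {"http": {"header": ["cf-access-token: EXAMPLE-not-a-real-token"]}}},
    {"packagist.org": false}
  ]
}
"""

if __name__ == "__main__":
    for url, header in find_inline_header_secrets(SAMPLE):
        print(f"{url}: header '{header}' carries a literal value")
```
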
