You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems that there is no way to use this method of authentication securely. There is no way to define custom headers and tokens in auth.json. Additionally, repositories do not "merge" with the global composer file: so you cannot just define the secure repo in the project composer.json and then the authentication settings in the global one.
The only solution I have found so far is to not define the repository at all at the project level that does not seem ideal.
Composer configuration also does not support environment variables.
I noticed there is also a bearer auth method but only works if the Authorization header is required.
It seems like there should be a way of specifying secure/secret headers in auth.json.
The text was updated successfully, but these errors were encountered:
Auth for the new changed github api has the same issue, you need to provide a Authorization: token YOUR_TOKEN header, what currently seems to be impossible via auth.json
@Radon8472 this should be possible via the github-oauth config option tho. If you have auth configured there it shuold be picked up automatically by all composer code.
@Radon8472 this should be possible via the github-oauth config option tho. If you have auth configured there it shuold be picked up automatically by all composer code.
I dont know why, but last month it was not working, now it seems that something has change on github, now github-oauth is woking again.
My
composer.json
:From the documentation here: https://getcomposer.org/doc/articles/authentication-for-private-packages.md#custom-token-authentication
It seems that there is no way to use this method of authentication securely. There is no way to define custom headers and tokens in
auth.json
. Additionally, repositories do not "merge" with the global composer file: so you cannot just define the secure repo in the projectcomposer.json
and then the authentication settings in the global one.The only solution I have found so far is to not define the repository at all at the project level that does not seem ideal.
Composer configuration also does not support environment variables.
I noticed there is also a
bearer
auth method but only works if theAuthorization
header is required.It seems like there should be a way of specifying secure/secret headers in
auth.json
.The text was updated successfully, but these errors were encountered: