Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Composer doesn't use oauth/http-basic settings for private repos #8356

igorsantos07 opened this issue Oct 4, 2019 · 2 comments


Copy link

commented Oct 4, 2019

This is a follow-up to the forgotten issue at #4453

My composer.json:

    "require": {
        "igorsantos07/«my-private-repo»": "dev-master"
    "repositories": [
            "type": "git",
            "url": "«my-private-repo»"
    "config": {
        "github-oauth": {
            "": "«my valid token»"
        "http-basic": {
            "": {
                "username": "igorsantos07",
                "password": "«same valid token»"

Output of composer diagnose:

Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking oauth access: OK
Checking disk free space: OK
Checking pubkeys: 
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
Checking composer version: You are not running the latest stable version, run `composer self-update` to update (1.8.6 => 1.9.0)
Composer version: 1.8.6
PHP version: 7.2.20
PHP binary path: /usr/local/bin/php

When I run this command:

composer update

I get the following output:

  Failed to clone«my-private-repo» via https, ssh protocols, aborting.       
    Cloning into bare repository '/.composer/cache/vcs/'...  
    remote: Invalid username or password.                                                                   
    fatal: Authentication failed for '«my-private-repo»/'                     
    Cloning into bare repository '/.composer/cache/vcs/'...  
    error: cannot run ssh: No such file or directory                                                        
    fatal: unable to fork
    Please make sure you have the correct access rights                                                     
    and the repository exists.                                    

And I expected this to happen:
Composer should either try to use http-basic auth for (as described in their automation article), or the oauth token. Both are provided in composer.json. I tried adding these to auth.json, the output is the same (both for diag and update).

If the token is added as user in the repository URL (as in«my-private-repo») it works fine, but sounds like a simple hack to a mechanism that should be working according to their meaning (I mean, I set auth settings for

This is important for Docker containers, as getting the correct SSH access seems very troublesome for something that could be ephemerous, and HTTP auth works just fine.


This comment has been minimized.

Copy link

commented Oct 6, 2019

The problem here I believe is due to the use of "type": "git", instead of "type": "vcs" in the repository config. That said, at least http-basic should be taken into account for regular (non-github specific) git clones. That probably should be fixed in Composer.

@Seldaek Seldaek added the Feature label Oct 6, 2019
@Seldaek Seldaek added this to the 1.10 milestone Oct 6, 2019

This comment has been minimized.

Copy link

commented Oct 8, 2019

Gotcha. I wrote git out of my mind, and indeed it's not a correct value. Thanks!
Anyway, shouldn't that throw some warning when running update, or at least diagnose and/or validate?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.