More explicit support for authorization/bearer header as authentication method #8642

Closed
ethanclevenger91 opened this issue Feb 24, 2020 · 1 comment
ethanclevenger91 commented Feb 24, 2020

GitLab repositories support Authorization: Bearer xxx headers as a method for authentication via auth.json. If a repository domain is listed under gitlab-domains in the config and auth.json contains an http-basic entry for that domain with the username oauth2, the password will be sent as the token.

GitLab isn't the only platform in the world using API tokens to authenticate. Right now you can add any functioning Composer repository with token-based authentication, GitLab-backed or not, to the gitlab-domains config and then configure a token as described and you'll authenticate just fine. Seems it would make sense to generalize this somehow. Perhaps dedicated token auth support in auth.json that isn't tied to the gitlab-domains config?

My global config.json:

{
    "config": {
        "gitlab-domains": [
            "ethan.packagepeak.test"
        ]
    }
}

That domain is not a GitLab instance. It's a Laravel app using Airlock, FWIW.

My global auth.json:

{
	"http-basic":
	{
		"ethan.packagepeak.test": {
			"username": "valid-api-token",
			"password": "oauth2"
		}
	}
}

And this works, but seems you could add proper support for Bearer token authentication rather than tie it just to GitLab. So no config required, and an auth.json like:

{
	"bearer":
	{
		"ethan.packagepeak.test": "valid-api-token"
	}
}

Pretty sure this can currently be accomplished per-project when defining the repository with something like:

{
    "repositories": {
        "package-peak": {
            "type": "composer",
            "url": "http://ethan.packagepeak.test",
            "options": {
                "http": {
                    "header": [
                        "Authorization: Bearer valid-api-token"
                    ]
                }
            }
        }
    }
}

But for whatever reason I couldn't get that method to work at all. Ultimately I'd rather not be committing API tokens anyway.

Output of composer diagnose:

Checking composer.json: WARNING
require.roots/wordpress : unbound version constraints (>=5.2.2) should be avoided
... // several more of unbound version warnings
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 1.9.3
PHP version: 7.3.10
PHP binary path: C:\Users\ethan\bin\php-7.3.10\php.exe
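
A check motivated by the comment's concern about committing API tokens, added here as an example and not code from Composer or from anyone in this thread: it flags repository definitions in a composer.json that embed an `Authorization` header and builds an auth.json skeleton in the `bearer` shape proposed above. The function names and the placeholder token string are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the per-project repository definition quoted in the issue.
SAMPLE_COMPOSER_JSON = """
{
    "repositories": {
        "package-peak": {
            "type": "composer",
            "url": "http://ethan.packagepeak.test",
            "options": {"http": {"header": ["Authorization: Bearer valid-api-token"]}}
        }
    }
}
"""

def find_committed_auth_headers(composer_json_text):
    """Return (repo name, url, auth scheme) per embedded Authorization header.

    The credential itself is never returned, so findings are safe to log.
    """
    repos = json.loads(composer_json_text).get("repositories", {})
    # "repositories" may be an object keyed by name or a plain list.
    items = repos.items() if isinstance(repos, dict) else enumerate(repos)
    findings = []
    for name, repo in items:
        if not isinstance(repo, dict):  # e.g. "packagist.org": false
            continue
        headers = repo.get("options", {}).get("http", {}).get("header", [])
        if isinstance(headers, str):  # a single header given as a string
            headers = [headers]
        for header in headers:
            field, _, value = header.partition(":")
            if field.strip().lower() == "authorization":
                scheme = value.strip().split(" ", 1)[0]
                findings.append((str(name), repo.get("url", ""), scheme))
    return findings

def bearer_skeleton(findings, placeholder="<TOKEN-PLACEHOLDER>"):
    """Build an auth.json skeleton in the "bearer" shape proposed in the issue."""
    hosts = {urlparse(url).hostname for _, url, scheme in findings
             if scheme.lower() == "bearer" and urlparse(url).hostname}
    return {"bearer": {host: placeholder for host in sorted(hosts)}}

if __name__ == "__main__":
    found = find_committed_auth_headers(SAMPLE_COMPOSER_JSON)
    for name, url, scheme in found:
        print(f"{name}: {scheme} credential embedded for {url}")
    print(json.dumps(bearer_skeleton(found), indent=4))
```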

@Seldaek Seldaek added this to the Nice To Have milestone Feb 28, 2020
@Seldaek Seldaek modified the milestones: Nice To Have, 1.10 Mar 10, 2020

Seldaek commented Mar 10, 2020

Fixed by #8671

@Seldaek Seldaek closed this as completed Mar 10, 2020
cebe added a commit to cebe/composer that referenced this issue May 13, 2022
Bearer Auth has been added here:

- composer@548505f
- composer@f964b83
- composer#8671
- composer#8642

but it was not documented in this file.

Committing a draft here, will polish it up later.
Seldaek pushed a commit that referenced this issue Jun 7, 2022
Bearer Auth has been added here:

- 548505f
- f964b83
- #8671
- #8642

but it was not documented in this file.
emahorvat52 pushed a commit to emahorvat52/composer that referenced this issue Feb 3, 2023
Bearer Auth has been added here:

- composer@548505f
- composer@f964b83
- composer#8671
- composer#8642

but it was not documented in this file.