New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem with bearer authorization with Azure DevOps on-premise #9857
Comments
I think one potential issue is that bearer auth is not supported by the GitDownloader, however if you see Anyway.. this is a pretty exotic setup and also pretty hard for me to even reproduce this. What I would suggest is that you have a look at Private Packagist as that may help proxy your tfsonprem.com stuff in a way that is more easily consumed by Composer.. There's also an on-prem offering if that's a requirement. Aside from that I am not entirely sure how to help you further given the info I see here. |
Thanks for your answer! The error message, with However, we haven't tried to connect over SSH yet. Maybe it could work. I have to admit, as you said, that this configuration is pretty exotic, but TFS is the master tool in our workplace and we do not upload our packages on external servers. We took a look at Private Packagist, and that could be an answer to our problem. |
So, after many other attempts, it seems the problem is more related to Git. If we do something like so:
...we can download our packages from our TFS server and packagist.org. |
Well, as said before, the GitDownloader of Composer does not support Bearer authentication. Your solution is to make git itself manage the credentials instead of relying on Composer to pass them to git. |
Hi!
I decided to open this issue after I knocked my head against the wall for hours. I can't figure out if it is a problem related to Composer, or a problem with something located between the computer screen and the chair 馃槈. So feel free to close it. However, an explanation would be very appreciated.
We are using Azure DevOps on-premise, AKA TFS, and we have troubles to download our private packages. We are currently encountering a problem when we try to build a PHP project requiring internal Composer packages hosted on our private TFS on-premise repositories on a dedicated build machine through a TFS build pipeline.
In our composer.json file, external as well as internal packages are referenced. So, we have something like so:
Because we are behind a firewall, we have to set proxy information to get external packages. We do it like so:
However, to reach TFS, we also do something like so:
With this configuration, we can reach packagist.org and our TFS server. Unfortunately, we cannot pass the authentication. We tried the following things:
Creating an auth.json file at build time, trying various combinations:
We also tried the following thing:
In every case in which we used "repositories", we tried to change the type for "git", "composer" or "vcs". We also tried to use a personal access token generated by TFS instead of System.AccessToken.
Unfortunately, the result is always the same as we get the following error:
Our build job is set to allow scripts to access OAuth token, and it only fails when we use Composer. We tried with Composer 2.0.13 and 1.10.22. We also tried to play around with "--prefer-dist". We also cleared Composer cache each time.
For now (and since several months), as a workaround, we do the following thing: we have another composer.json file without our internal package that we use during the build, then we put the complete composer.json back. To install our private packages, for each one, we do the following thing:
It works fine, but this is not very clean and it does not allow us to switch the version of our packages easily.
The connection between our build server and TFS is fine and we can manually do the following thing:
Several months ago, we wrote the following posts: https://stackoverflow.com/questions/60741882/tfs-git-clone-private-repository-through-composer-fails and https://developercommunity.visualstudio.com/content/problem/968133/tfs-git-clone-private-repository-through-composer.html. But we were not able to go any further.
I read many posts and issues on the Internet, including the following ones:
However, I am not able to conclude what the problem is.
So, is this a problem related to Composer and if it is, what could be the problem? Does Composer support bearer authorization? Or is this a problem with NTLM authentication? Is this the expected behaviour?
If the problem is not related to Composer, any idea what could that be?
Many thanks in advance!
The text was updated successfully, but these errors were encountered: