2013-12-28 23:03:28 +00:00
|
|
|
<!--
|
2014-12-08 21:30:39 +00:00
|
|
|
tagline: Access privately hosted packages
|
2013-12-28 23:03:28 +00:00
|
|
|
-->
|
|
|
|
|
2014-12-08 21:30:39 +00:00
|
|
|
# HTTP basic authentication
|
2013-12-28 23:03:28 +00:00
|
|
|
|
2014-12-08 21:30:39 +00:00
|
|
|
Your [Satis or Toran Proxy](handling-private-packages-with-satis.md) server
|
|
|
|
could be secured with http basic authentication. In order to allow your project
|
2013-12-28 23:03:28 +00:00
|
|
|
to have access to these packages you will have to tell composer how to
|
|
|
|
authenticate with your credentials.
|
|
|
|
|
2014-12-08 21:30:39 +00:00
|
|
|
The simplest way to provide your credentials is providing your set
|
2013-12-28 23:03:28 +00:00
|
|
|
of credentials inline with the repository specification such as:
|
|
|
|
|
2014-12-08 21:30:39 +00:00
|
|
|
```json
|
|
|
|
{
|
|
|
|
"repositories": [
|
|
|
|
{
|
|
|
|
"type": "composer",
|
|
|
|
"url": "http://extremely:secret@repo.example.org"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
```
|
2013-12-28 23:03:28 +00:00
|
|
|
|
|
|
|
This will basically teach composer how to authenticate automatically
|
|
|
|
when reading packages from the provided composer repository.
|
|
|
|
|
|
|
|
This does not work for everybody especially when you don't want to
|
|
|
|
hard code your credentials into your composer.json. There is a second
|
2014-12-08 21:30:39 +00:00
|
|
|
way to provide these details and it is via interaction. If you don't
|
2013-12-28 23:03:28 +00:00
|
|
|
provide the authentication credentials composer will prompt you upon
|
|
|
|
connection to enter the username and password.
|
|
|
|
|
2014-12-08 21:30:39 +00:00
|
|
|
The third way if you want to pre-configure it is via an `auth.json` file
|
|
|
|
located in your `COMPOSER_HOME` or besides your `composer.json`.
|
|
|
|
|
|
|
|
The file should contain a set of hostnames followed each with their own
|
|
|
|
username/password pairs, for example:
|
|
|
|
|
|
|
|
```json
|
|
|
|
{
|
2015-03-13 09:25:55 +00:00
|
|
|
"http-basic": {
|
2014-12-08 21:30:39 +00:00
|
|
|
"repo.example1.org": {
|
|
|
|
"username": "my-username1",
|
|
|
|
"password": "my-secret-password1"
|
|
|
|
},
|
|
|
|
"repo.example2.org": {
|
|
|
|
"username": "my-username2",
|
|
|
|
"password": "my-secret-password2"
|
|
|
|
}
|
2014-12-18 02:11:36 +00:00
|
|
|
}
|
2014-12-08 21:30:39 +00:00
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
The main advantage of the auth.json file is that it can be gitignored so
|
|
|
|
that every developer in your team can place their own credentials in there,
|
|
|
|
which makes revokation of credentials much easier than if you all share the
|
|
|
|
same.
|