Update authentication methods in documentation
parent
9ca7457698
commit
2c8cbebd85
|
@ -900,9 +900,10 @@ If set to 1, this env allows running Composer when the Xdebug extension is enabl
|
||||||
### COMPOSER_AUTH
|
### COMPOSER_AUTH
|
||||||
|
|
||||||
The `COMPOSER_AUTH` var allows you to set up authentication as an environment variable.
|
The `COMPOSER_AUTH` var allows you to set up authentication as an environment variable.
|
||||||
The contents of the variable should be a JSON formatted object containing http-basic,
|
The contents of the variable should be a JSON formatted object containing [http-basic,
|
||||||
github-oauth, bitbucket-oauth, ... objects as needed, and following the
|
github-oauth, bitbucket-oauth, ... objects as needed](articles/authentication-for-private-packages.md),
|
||||||
[spec from the config](06-config.md#gitlab-oauth).
|
and following the
|
||||||
|
[spec from the config](06-config.md).
|
||||||
|
|
||||||
### COMPOSER_BIN_DIR
|
### COMPOSER_BIN_DIR
|
||||||
|
|
||||||
|
|
|
@ -71,9 +71,9 @@ URL.
|
||||||
A list of domain names and oauth keys. For example using `{"github.com":
|
A list of domain names and oauth keys. For example using `{"github.com":
|
||||||
"oauthtoken"}` as the value of this option will use `oauthtoken` to access
|
"oauthtoken"}` as the value of this option will use `oauthtoken` to access
|
||||||
private repositories on github and to circumvent the low IP-based rate limiting
|
private repositories on github and to circumvent the low IP-based rate limiting
|
||||||
of their API. [Read
|
of their API. Composer may prompt for credentials when needed, but these can also be
|
||||||
more](articles/troubleshooting.md#api-rate-limit-and-oauth-tokens) on how to get
|
manually set. Read more on how to get an OAuth token for GitHub and cli syntax
|
||||||
an OAuth token for GitHub.
|
[here](articles/authentication-for-private-packages.md#github-oauth).
|
||||||
|
|
||||||
## gitlab-oauth
|
## gitlab-oauth
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,8 @@ for credentials and save them (or a token if Composer is able to retrieve one).
|
||||||
|[Custom header](#custom-token-authentication)|no|
|
|[Custom header](#custom-token-authentication)|no|
|
||||||
|[gitlab-oauth](#gitlab-oauth)|yes|
|
|[gitlab-oauth](#gitlab-oauth)|yes|
|
||||||
|[gitlab-token](#gitlab-token)|yes|
|
|[gitlab-token](#gitlab-token)|yes|
|
||||||
|
|[github-oauth](#github-oauth)|yes|
|
||||||
|
|[bitbucket-oauth](#bitbucket-oauth)|yes|
|
||||||
|
|
||||||
Sometimes automatic authentication is not possible, or you may want to predefine
|
Sometimes automatic authentication is not possible, or you may want to predefine
|
||||||
authentication credentials.
|
authentication credentials.
|
||||||
|
@ -93,6 +95,16 @@ You can open this file in your favorite editor and fix the error.
|
||||||
It is also possible to add credentials to a `composer.json` on a per-project basis in the `config`
|
It is also possible to add credentials to a `composer.json` on a per-project basis in the `config`
|
||||||
section or directly in the repository definition.
|
section or directly in the repository definition.
|
||||||
|
|
||||||
|
## Authentication using the COMPOSER_AUTH environment variable
|
||||||
|
|
||||||
|
> **Note:** Using this method also has security implications.
|
||||||
|
> Credentials passed using command line environment variables will most likely be stored in memory,
|
||||||
|
> and on be persisted to a file like ```~/.bash_history```(linux) or ```ConsoleHost_history.txt```
|
||||||
|
> (Powershell on Windows) when closing a session.
|
||||||
|
|
||||||
|
The final option to supply Composer with credentials is to use the ```COMPOSER_AUTH``` environment variable.
|
||||||
|
Read more about the usage of this environment variable [here](../03-cli.md#COMPOSER_AUTH).
|
||||||
|
|
||||||
# Authentication methods
|
# Authentication methods
|
||||||
|
|
||||||
## http-basic
|
## http-basic
|
||||||
|
@ -224,3 +236,55 @@ composer config [--global] --editor --auth
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## github-oauth
|
||||||
|
|
||||||
|
To create a new access token, head to your [token settings section on Github](https://github.com/settings/tokens) and [generate a new token](https://github.com/settings/tokens/new). For public repositories when rate limited, the ```public_repo``` scope is required, for private repositories the ```repo:status``` scope is needed.
|
||||||
|
Read more about it [here](https://github.com/blog/1509-personal-api-tokens).
|
||||||
|
|
||||||
|
### Command line github-oauth
|
||||||
|
|
||||||
|
```sh
|
||||||
|
composer config [--global] github-oauth.github.com token
|
||||||
|
```
|
||||||
|
|
||||||
|
### Manual github-oauth
|
||||||
|
|
||||||
|
```sh
|
||||||
|
composer config [--global] --editor --auth
|
||||||
|
```
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"github-oauth": {
|
||||||
|
"github.com": "token"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## bitbucket-oauth
|
||||||
|
|
||||||
|
Read more about how to set up oauth on bitbucket [here](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/).
|
||||||
|
|
||||||
|
### Command line bitbucket-oauth
|
||||||
|
|
||||||
|
```sh
|
||||||
|
composer config [--global] bitbucket-oauth.bitbucket.org cosumer-key consumer-secret
|
||||||
|
```
|
||||||
|
|
||||||
|
### Manual bitbucket-oauth
|
||||||
|
|
||||||
|
```sh
|
||||||
|
composer config [--global] --editor --auth
|
||||||
|
```
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"bitbucket-oauth": {
|
||||||
|
"bitbucket.org": {
|
||||||
|
"consumer-key": "key",
|
||||||
|
"consumer-secret": "secret"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
|
@ -177,12 +177,7 @@ Because of GitHub's rate limits on their API it can happen that Composer prompts
|
||||||
for authentication asking your username and password so it can go ahead with its work.
|
for authentication asking your username and password so it can go ahead with its work.
|
||||||
|
|
||||||
If you would prefer not to provide your GitHub credentials to Composer you can
|
If you would prefer not to provide your GitHub credentials to Composer you can
|
||||||
manually create a token using the following procedure:
|
manually create a token using the [procedure documented here](authentication-for-private-packages.md#github-oauth).
|
||||||
|
|
||||||
1. [Create](https://github.com/settings/tokens) an OAuth token on GitHub.
|
|
||||||
[Read more](https://github.com/blog/1509-personal-api-tokens) on this.
|
|
||||||
|
|
||||||
2. Add it to the configuration running `composer config -g github-oauth.github.com <oauthtoken>`
|
|
||||||
|
|
||||||
Now Composer should install/update without asking for authentication.
|
Now Composer should install/update without asking for authentication.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue