From 7cf3b01631977eb40d041fb016ea7e26e0711184 Mon Sep 17 00:00:00 2001 From: Carsten Brandt Date: Tue, 7 Jun 2022 14:04:04 +0200 Subject: [PATCH] Added documentation about HTTP Bearer Auth (#10780) Bearer Auth has been added here: - https://github.com/composer/composer/commit/548505f103d4e55a4044bedcd17bd93eba2fe68b - https://github.com/composer/composer/commit/f964b8301837a49ee1a4cf77dbfb38d0c2c2a340 - #8671 - #8642 but it was not documented in this file. --- .../authentication-for-private-packages.md | 64 +++++++++++++++++-- 1 file changed, 60 insertions(+), 4 deletions(-) diff --git a/doc/articles/authentication-for-private-packages.md b/doc/articles/authentication-for-private-packages.md index 1c6081afd..8e4b142b9 100644 --- a/doc/articles/authentication-for-private-packages.md +++ b/doc/articles/authentication-for-private-packages.md @@ -18,6 +18,7 @@ for credentials and save them (or a token if Composer is able to retrieve one). |---|---| |[http-basic](#http-basic)|yes| |[Inline http-basic](#inline-http-basic)|no| +|[HTTP Bearer](#http-bearer)|no| |[Custom header](#custom-token-authentication)|no| |[gitlab-oauth](#gitlab-oauth)|yes| |[gitlab-token](#gitlab-token)|yes| @@ -50,6 +51,7 @@ Composer home directory. For all authentication methods it is possible to edit them using the command line; - [http-basic](#command-line-http-basic) - [Inline http-basic](#command-line-inline-http-basic) + - [HTTP Bearer](#http-bearer) - [gitlab-oauth](#command-line-gitlab-oauth) - [gitlab-token](#command-line-gitlab-token) - [github-oauth](#command-line-github-oauth) @@ -69,6 +71,7 @@ php composer.phar config --global --editor [--auth] For specific authentication implementations, see their sections; - [http-basic](#manual-http-basic) - [Inline http-basic](#manual-inline-http-basic) + - [HTTP Bearer](#http-bearer) - [custom header](#manual-custom-token-authentication) - [gitlab-oauth](#manual-gitlab-oauth) - [gitlab-token](#manual-gitlab-token) @@ -101,7 +104,7 @@ section or directly in the repository definition. > **Note:** Using the command line environment variable method also has security implications. > These credentials will most likely be stored in memory, -> and on be persisted to a file like `~/.bash_history`(linux) or `ConsoleHost_history.txt` +> and may be persisted to a file like `~/.bash_history` (linux) or `ConsoleHost_history.txt` > (PowerShell on Windows) when closing a session. The final option to supply Composer with credentials is to use the `COMPOSER_AUTH` environment variable. @@ -115,9 +118,14 @@ Read more about the usage of this environment variable [here](../03-cli.md#compo ### Command line http-basic ```sh -php composer.phar config [--global] http-basic.example.org username password +php composer.phar config [--global] http-basic.repo.example.org username password ``` +In the above command, the config key `http-basic.repo.example.org` consists of two parts: + +- `http-basic` is the authentication method. +- `repo.example.org` is the repository host name, you should replace it with the host name of your repository. + ### Manual http-basic ```sh @@ -167,6 +175,34 @@ php composer.phar config [--global] --editor } ``` +## HTTP Bearer + +### Command line HTTP Bearer authentication + +```sh +php composer.phar config [--global] bearer.repo.example.org token +``` + +In the above command, the config key `bearer.repo.example.org` consists of two parts: + +- `bearer` is the authentication method. +- `repo.example.org` is the repository host name, you should replace it with the host name of your repository. + +### Manual HTTP Bearer authentication + +```sh +php composer.phar config [--global] --editor --auth +``` + +```json +{ + "bearer": { + "example.org": "TOKEN" + } +} +``` + + ## Custom token authentication ### Manual custom token authentication @@ -201,9 +237,14 @@ php composer.phar config [--global] --editor ### Command line gitlab-oauth ```sh -php composer.phar config [--global] gitlab-oauth.example.org token +php composer.phar config [--global] gitlab-oauth.gitlab.example.org token ``` +In the above command, the config key `gitlab-oauth.gitlab.example.org` consists of two parts: + +- `gitlab-oauth` is the authentication method. +- `gitlab.example.org` is the host name of your GitLab instance, you should replace it with the host name of your GitLab instance or use `gitlab.com` if you don't have a self-hosted GitLab instance. + ### Manual gitlab-oauth ```sh @@ -231,9 +272,14 @@ When creating a gitlab token manually, make sure it has either the `read_api` or ### Command line gitlab-token ```sh -php composer.phar config [--global] gitlab-token.example.org token +php composer.phar config [--global] gitlab-token.gitlab.example.org token ``` +In the above command, the config key `gitlab-token.gitlab.example.org` consists of two parts: + +- `gitlab-token` is the authentication method. +- `gitlab.example.org` is the host name of your GitLab instance, you should replace it with the host name of your GitLab instance or use `gitlab.com` if you don't have a self-hosted GitLab instance. + ### Manual gitlab-token ```sh @@ -264,6 +310,11 @@ Read more about [Personal Access Tokens](https://docs.github.com/en/authenticati php composer.phar config [--global] github-oauth.github.com token ``` +In the above command, the config key `github-oauth.github.com` consists of two parts: + +- `github-oauth` is the authentication method. +- `github.com` is the host name for which this token applies. For GitHub you most likely do not need to change this. + ### Manual github-oauth ```sh @@ -288,6 +339,11 @@ The BitBucket driver uses OAuth to access your private repositories via the BitB php composer.phar config [--global] bitbucket-oauth.bitbucket.org consumer-key consumer-secret ``` +In the above command, the config key `bitbucket-oauth.bitbucket.org` consists of two parts: + +- `bitbucket-oauth` is the authentication method. +- `bitbucket.org` is the host name for which this token applies. Unless you have a private instance you don't need to change this. + ### Manual bitbucket-oauth ```sh