diff --git a/src/Composer/Factory.php b/src/Composer/Factory.php
index 0d455b7e3..8b7c4dbdb 100644
--- a/src/Composer/Factory.php
+++ b/src/Composer/Factory.php
@@ -216,22 +216,7 @@ class Factory
         }
         $config->setAuthConfigSource(new JsonConfigSource($file, true));
 
-        // load COMPOSER_AUTH environment variable if set
-        if ($composerAuthEnv = Platform::getEnv('COMPOSER_AUTH')) {
-            $authData = json_decode($composerAuthEnv);
-            if (null === $authData) {
-                throw new \UnexpectedValueException('COMPOSER_AUTH environment variable is malformed, should be a valid JSON object');
-            } else {
-                if ($io instanceof IOInterface) {
-                    $io->writeError('Loading auth config from COMPOSER_AUTH', true, IOInterface::DEBUG);
-                }
-                self::validateJsonSchema($io, $authData, JsonFile::AUTH_SCHEMA, 'COMPOSER_AUTH');
-                $authData = json_decode($composerAuthEnv, true);
-                if (null !== $authData) {
-                    $config->merge(['config' => $authData], 'COMPOSER_AUTH');
-                }
-            }
-        }
+        self::loadComposerAuthEnv($config, $io);
 
         return $config;
     }
@@ -341,6 +326,9 @@ class Factory
             }
         }
 
+        // make sure we load the auth env again over the local auth.json + composer.json config
+        self::loadComposerAuthEnv($config, $io);
+
         $vendorDir = $config->get('vendor-dir');
 
         // initialize composer
@@ -678,6 +666,28 @@ class Factory
         return $httpDownloader;
     }
 
+    private static function loadComposerAuthEnv(Config $config, ?IOInterface $io): void
+    {
+        $composerAuthEnv = Platform::getEnv('COMPOSER_AUTH');
+        if (false === $composerAuthEnv || '' === $composerAuthEnv) {
+            return;
+        }
+
+        $authData = json_decode($composerAuthEnv);
+        if (null === $authData) {
+            throw new \UnexpectedValueException('COMPOSER_AUTH environment variable is malformed, should be a valid JSON object');
+        }
+
+        if ($io instanceof IOInterface) {
+            $io->writeError('Loading auth config from COMPOSER_AUTH', true, IOInterface::DEBUG);
+        }
+        self::validateJsonSchema($io, $authData, JsonFile::AUTH_SCHEMA, 'COMPOSER_AUTH');
+        $authData = json_decode($composerAuthEnv, true);
+        if (null !== $authData) {
+            $config->merge(['config' => $authData], 'COMPOSER_AUTH');
+        }
+    }
+
     private static function useXdg(): bool
     {
         foreach (array_keys($_SERVER) as $key) {