GitHub has started sending emails about deprecated authentication, but I have not yet found a resource detailing what Composer's auth.json should look like under the new regime.
My requirements are relatively simple - using composer to update a Symfony application in development and occasionally experimenting with other repos.
With this, my original configuration (automatically built)...
{
    "github-oauth": {
        "github.com": "(a string)"
    }
}
... I receive this warning:
...your personal access token...was used as part of a query parameter to access an endpoint through the GitHub API...Please use the Authorization HTTP header instead...
But when I try with this other configuration:
{
    "http-basic": {
        "github.com": {
            "username": " my email address",
            "password": " my password "
        }
    }
}
I receive this other warning:
You recently used a password to access an endpoint through the GitHub API using Composer/1.9.1 ...We recommend using a personal access token (PAT) with the appropriate scope to access this endpoint instead.
What should it really look like and why am I getting these deprecation warnings?
Install GitHub CLI on macOS, Windows, or Linux. In the command line, enter gh auth login, then follow the prompts. When prompted for your preferred protocol for Git operations, select HTTPS. When asked if you would like to authenticate to Git with your GitHub credentials, enter Y.
To authenticate as a GitHub App, generate a private key in PEM format and download it to your local machine. You'll use this key to sign a JSON Web Token (JWT) and encode it using the RS256 algorithm. GitHub checks that the request is authenticated by verifying the token with the app's stored public key.
Personal access tokens are an alternative to using passwords for authentication to GitHub when using the GitHub API or the command line.
Of these two configurations, the first is the correct one.
The "string" should be your Personal Access Token (PAT), configured with the appropriate access scopes on GitHub.
To configure the scopes for your token you need to visit your GitHub Developer Settings -> Personal Access Tokens.
The second format attempts to authenticate by sending your username and password instead of a generated token. That's a bad security practice, and should not be done.
But the main reason you are getting the first warning is because you are running an old composer version.
You need to update to the 1.9.3 version, where this was fixed. On previous versions you may get the deprecation warning nonetheless because of how composer connects to GitHub.
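The following check is an added example, not part of the original answer or of Composer itself: it audits an auth.json for the two formats discussed above and compares the Composer version (as plain text or as the "Composer/1.9.1" user agent quoted in the warning) against 1.9.3. The function names, finding codes and sample inputs are assumptions made for illustration.

```python
import json
import re

FIXED_IN = (1, 9, 3)  # Composer version the answer names as containing the fix


def parse_version(text):
    """Extract (major, minor, patch) from '1.9.1' or a 'Composer/1.9.1' user agent."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in match.groups())


def section(config, name):
    """Return config[name] if it is a JSON object, else an empty dict."""
    value = config.get(name)
    return value if isinstance(value, dict) else {}


def audit(auth_json_text, composer_version, host="github.com"):
    """Return a list of finding codes (hypothetical names) for one auth.json."""
    try:
        config = json.loads(auth_json_text)
    except json.JSONDecodeError:
        config = None
    if not isinstance(config, dict):
        return ["invalid-json"]
    findings = []
    # An http-basic entry for the host is the username/password format
    # that produces the "used a password" warning.
    if host in section(config, "http-basic"):
        findings.append("password-auth")
    # The personal access token belongs under github-oauth as a non-empty string.
    token = section(config, "github-oauth").get(host)
    if not isinstance(token, str) or not token.strip():
        findings.append("missing-token")
    # Versions before 1.9.3 can still raise the query-parameter warning.
    if parse_version(composer_version) < FIXED_IN:
        findings.append("composer-too-old")
    return findings


# Constructed sample inputs; the token value is a placeholder, not a real PAT.
TOKEN_CONFIG = '{"github-oauth": {"github.com": "PLACEHOLDER_TOKEN"}}'
PASSWORD_CONFIG = '{"http-basic": {"github.com": {"username": "u", "password": "p"}}}'

if __name__ == "__main__":
    print(audit(TOKEN_CONFIG, "Composer/1.9.1"))
    print(audit(PASSWORD_CONFIG, "1.9.3"))
```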