Composer Update Fails due to Github Authorization · Issue #3542 · composer/composer · GitHub
2024.12.12 20:59
Skip to content
Navigation Menu
Toggle navigation Sign in Product GitHub Copilot Write better code with AI Security Find and fix vulnerabilities Actions Automate any workflow Codespaces Instant dev environments Issues Plan and track work Code Review Manage code changes Discussions Collaborate outside of code Code Search Find more, search less Explore All features Documentation GitHub Skills Blog Solutions By company size Enterprises Small and medium teams Startups By use case DevSecOps DevOps CI/CD View all use cases By industry Healthcare Financial services Manufacturing Government View all industries View all solutions Resources Topics AI DevOps Security Software Development View all Explore Learning Pathways White papers, Ebooks, Webinars Customer Stories Partners Executive Insights Open Source GitHub Sponsors Fund open source developers The ReadME Project GitHub community articles Repositories Topics Trending Collections Enterprise Enterprise platform AI-powered developer platform Available add-ons Advanced Security Enterprise-grade security features GitHub Copilot Enterprise-grade AI features Premium Support Enterprise-grade 24/7 support Pricing Search or jump toSearch code, repositories, users, issues, pull requests
Search syntax tipsProvide feedback
Cancel Submit feedbackSaved searches
Use saved searches to filter your results more quickly
Cancel Create saved search Sign in Sign up Reseting focus You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert {{ message }} composer / composer Public Notifications You must be signed in to change notification settings Fork 4.6k Star 28.7k Code Issues 103 Pull requests 16 Discussions Actions Security Insights Additional navigation options Code Issues Pull requests Discussions Actions Security Insights New issueHave a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Sign up for GitHubBy clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Jump to bottomComposer Update Fails due to Github Authorization #3542
Closed fiatux opened this issue Dec 12, 2014 · 34 comments ClosedComposer Update Fails due to Github Authorization #3542
fiatux opened this issue Dec 12, 2014 · 34 commentsComments
Copy linkfiatux commented Dec 12, 2014
During composer update I am asked for my github credentials repeatedly. What may be causing this?
An existing OAuth token for Composer is present and will be reused
Could not fetch https://api.github.com/authorizations , enter your GitHub credentials to go over the API rate limit
The credentials will be swapped for an OAuth token stored in /Users/[USER]/.composer/auth.json, your password will not be stored
To revoke access to this token you can visit https://github.com/settings/applications
Yes, I am entering my password correct, I have tried several different accounts and I can get authorization from Github if I use curl from cmdline.
The text was updated successfully, but these errors were encountered:
Copy link Contributorhkdobrev commented Dec 12, 2014
Possibly related to: https://developer.github.com/changes/2014-12-08-removing-authorizations-token/
Copy link Authorfiatux commented Dec 12, 2014
Not really, solved it by creating new token and adding it to the project's composer.json. I'm not sure why the valid token on /Users/[USER]/.composer/auth.json could not be used.
fiatux closed this as completed Dec 12, 2014 Copy link Contributorfonsecas72 commented Dec 12, 2014
I'm not sure why the valid token on /Users/[USER]/.composer/auth.json could not be used.
Maybe due to current user or COMPOSER_HOME environment variable at the time of the composer install being different of the expected?
I think I stumbled to something like that before.
hamiltont commented Dec 19, 2014
solved it by creating new token and adding it to the project's composer.json
Could someone post the format of how to do this? I'm experiencing a similar problem and wish to solve it manually for the moment
Copy linknmsobri commented Dec 19, 2014
Could someone post the format of how to do this? I'm experiencing a similar problem and wish to solve it manually for the moment
Yes, i want to know too
Copy link Contributorfonsecas72 commented Dec 19, 2014
You can solve it by creating a new github token to authenticate your composer requests.
You can do this two ways:
By defining your token globally:
composer config --global github-oauth.github.com TOKENOr by defining your token in a project composer.json:
{ "config" : { "github-oauth" : { "github.com" : " TOKEN " } } } More information about the problem and how to generate github tokens:
Composer troubleshooting
energysx commented Dec 25, 2014
hugofonseca thanks a lot!
Copy linkyoanisgil commented Jan 2, 2015
@hugofonseca Thanks!
Copy linkCommifreak commented Jan 8, 2015
The global Token config does not work (as mentiod in Post 3):
C:\Users\robin.kluth composer diag Checking platform settings: OK Checking git settings: OK Checking http connectivity: OK Checking HTTP proxy: OK Checking HTTP proxy support for request_fulluri: OK Checking HTTPS proxy support for request_fulluri: Could not fetch https://api.github.com/repos/Seldaek/jsonlint/zipball/1.0.0, ent er your GitHub credentials to go over the API rate limit The credentials will be swapped for an OAuth token stored in C:/Users/robin.klut h/AppData/Roaming/Composer/auth.json, your password will not be stored To revoke access to this token you can visit https://github.com/settings/applica tions Username:while in %appdata%\Composer\auth.json:
{ "http-basic": {}, "github-oauth": { "github.com": "my_token"} }If I add the token to projects composer.json, it is working as expected.
This was referenced Jan 15, 2015 auth.json refers to "github.com" instead of "api.github.com" for authenticated api calls #3609 Closed Update to the new GitHub Authorizations API (breaking change) #3566 Closed Copy linkwebdevilopers commented Jan 15, 2015
So the solution is to put the token into the composer.json directely instead of relying on the auth.json ?
Will this be solved as suggested in the latest issue #3566 @Seldaek ?
Because as Malcolm Fell @emarref mentions:
If you're working on a collaborative project, you should not commit your key in the project source control. The alternative is to set your key in your home directory
https://coderwall.com/p/kz4egw/composer-install-github-rate-limiting-work-around
Commifreak commented Jan 15, 2015
Hi,
I figured out, that the auto-generated token (via composer) ist not accepted. If I create the key via GitHub's WebUI and replace the old one in composer.json, it is working.
Copy linkwebdevilopers commented Jan 15, 2015
Have you tried that within the auth.json or config.json too?
Copy linkmidan888 commented Jan 21, 2015
I generated new token on Gtihub and pasted this in ocmposer json of the project and it worked, thanks to hugofonseca
{ "config": { "github-oauth": { "github.com": " TOKEN " } } }
webdevilopers commented Jan 22, 2015
Ok, so the important point is that the token has to be added to the `composer.json' file.
The attempt with auth.son of Composer is no longer supported by the curernt GitHub API:
#3566
webdevilopers commented Jan 29, 2015
It looks like @Seldaek added a fix for the original issue by @fiatux :
#3651
informaticosgb commented May 26, 2015
Gracias fonsecas72, funciona :D
composer clear-cache
composer global require "fxp/composer-asset-plugin:1.0.0-beta4"
composer config --global github-oauth.github.com "my_token"
composer create-project --prefer-dist yiisoft/yii2-app-advanced yii-application
Así me funcionó para Yii2 Advanced Template.
boedy mentioned this issue Jun 11, 2015 Add Documentation About GitHub Token RobLoach/docker-composer#17 Open spekary mentioned this issue Jun 20, 2015 Problems with the Composer install of 3.0 beta qcubed/qcubed#705 Closed Copy linkPeter74 commented Jun 21, 2015
Hi I was face same problem.
Solution for me was:
thanks @fonsecas72
and as a result of it was writing token at auth.json :
but not in composer.json - that was just mistake in explanation, but if you run
composer config --global github-oauth.github.com TOKEN you will be OK. Copy linkmarcozs84 commented Sep 3, 2015
Posted by codekman at
http://www.yiiframework.com/forum/index.php/topic/60340-issue-while-installing-yii-2/
Please see the line above the cmd, here you will find the url and visit this url and you will git the token and paste the token.
it worked for me at least luisfaceira mentioned this issue Dec 9, 2015 Speed git downloads by using cache dir as reference #4685 Closed lahmann mentioned this issue Dec 15, 2015 Removed bundled dependencies; adjusted Phing/Travis tasks. vufind-org/vufind#501 Closed 2 tasks ralphilius added a commit to ralphilius/bitcoin-faucet-rotator that referenced this issue Jan 1, 2016 Update composer.json … be4bfce Fix for this issue: composer/composer#3542 ralphilius mentioned this issue Jan 1, 2016 Update composer.json rattfieldnz/bitcoin-faucet-rotator#2 Closed Copy linko5 commented Oct 20, 2016 • edited Loading
Is possible to remove auth token via composer config -g command? I mean something like composer config -g --unset repositories.foo but for auth.json .
Sure, I can remove by fe jg but build-in support in composer should be cool.
Copy link MemberSeldaek commented Oct 21, 2016
This will do it for example: composer config --global --auth --unset github-oauth.github.com
fantomas mentioned this issue Mar 24, 2017 Cannot install via Composer getsentry/symfony-amg-sentry-plugin#17 Open nrk mentioned this issue May 7, 2017 please create a GitHub OAuth token to go over the API rate limit???? predis/predis#438 Closed orlangur mentioned this issue Oct 6, 2017 Web Setup Wizard can't handle git repositories magento/magento2#11034 Closed wiese mentioned this issue Oct 18, 2017 Fix breaking composer install wmde/fundraising-frontend-content#32 Merged Copy linkbreakline87 commented Apr 16, 2018
Can you guys make something which works without extensive modifications even for a beginner?
dotherightthing mentioned this issue Jul 7, 2018 Failed to execute git clone dotherightthing/generator-wpdtrt-plugin-boilerplate#88 Closed Copy linkcongson95dev commented Aug 27, 2018
solved by use this cmd: composer config --global --auth github-oauth.github.com
for example : composer config --global --auth github-oauth.github.com 123456
alenux commented Oct 17, 2018
solution :
just add in composer.json
"config": {
"process-timeout": 1800,
"fxp-asset": {
"enabled": false
}
},
ew5yte5ye commented Dec 1, 2019 • edited Loading
If you are facing Github token error then open composer.json file and paste below code
"github-oauth": {
"github.com": ""
}
into
"config": {
"preferred-install": "dist",
"sort-packages": true,
"optimize-autoloader": true,
"github-oauth": {
"github.com": ""
}
}
And then update composer
composer update
If you don't have Github token then first login to github.com and generate token and use ablove steps.
yalh76 mentioned this issue Mar 25, 2020 [wip] Fix install for buster YunoHost-Apps/pixelfed_ynh#101 Merged 5 tasks robrecord mentioned this issue Jun 30, 2020 Cloning private repos from GitHub gives error project-satisfy/satisfy#143 Closed Copy linkmijaelsaban commented Apr 8, 2021
The issue is that my token it has an underscore which is never valid according to this logic.
Which here it fails.
foreach ($githubOauth as $domain = $token) { if (!preg_match('{^[.a-z0-9]+$}', $token)) { throw new \UnexpectedValueException('Your github oauth token for '.$domain.' contains invalid characters: "'.$token.'"'); } $this- checkAndSetAuthentication($domain, $token, 'x-oauth-basic'); } Copy link MemberSeldaek commented Apr 9, 2021
@mijaelsaban make sure you update Composer to the latest version before reporting error, this was fixed last week.
Copy linkBoby commented Apr 10, 2021
I am running on composer 2 and having this issue, anyway we can remove it make it just ask for auth again? as I am running in docker and cant get it cleaned up
Copy linkb-hayes commented Jul 19, 2021
yeah, I ran into this on composer 2 as well . Have to manually update the token to the auth.json
Copy linkPuffPastry commented Oct 29, 2021 • edited Loading
This issue just appeared again, was using version 2.0.8 when it happened.
Updated composer using composer self-update to version 2.1.9 but the issue persisted.
Previously set token had expiry date of Sun, Dec 5 2021. Regenerating the token solved the issue.
Copy linkLoukili-Rachid commented Jul 8, 2022 • edited Loading
the solution is here : https://stackoverflow.com/questions/31766546/composer-error-with-github-oauth-token-on-fresh-laravel-homestead-provision/72911657#72911657
Copy linkMrAnassBaba commented Mar 24, 2023 • edited Loading
Otherwise run this command composer diagnose to checking composer status.
And check recommendation alert, finally Updated composer using composer using composer self-update
skdishansachin commented Aug 30, 2023
@fonsecas72 thanks a lot.
Copy linkOCHIENGHerman commented May 9, 2024
You can solve it by creating a new github token to authenticate your composer requests. You can do this two ways:
By defining your token globally:
composer config --global github-oauth.github.com TOKENOr by defining your token in a project composer.json:
{ "config" : { "github-oauth" : { "github.com" : " TOKEN " } } }More information about the problem and how to generate github tokens: Composer troubleshooting
Copy linkOCHIENGHerman commented May 9, 2024
Thanks it worked.
Sign up for free to join this conversation on GitHub . Already have an account? Sign in to comment Labels None yet 27 participants and othersFooter
© 2024 GitHub, Inc.Footer navigation
Terms Privacy Security Status Docs Contact Manage cookies Do not share my personal information You can’t perform that action at this time.- UTILITY TOKENS CAN BE EXEMPT FROM SECURITIES ...
- Authentication tokens | SonarQube Server Documentation
- Legality of cryptocurrency by country or territory
- Authentication for privately hosted packages and repositories
- How are crypto regulations changing around the world?
- What exactly are limited time tokens? Do they expire at the ...
- How to use external api access tokens without exposing ...
- Introduction to tokens | Vault
- OAuth2 with Password (and hashing), Bearer with JWT ...
- Group access tokens
- UTILITY TOKENS CAN BE EXEMPT FROM SECURITIES ...
... tokens using the Restrict changes to repository settings dropdown. ... For project or repository tokens, you must only use Bearer Auth without the ... - Authentication tokens | SonarQube Server Documentation
And no limit to how many times a single token can be referenced. This allows ... Sometimes known as global tokens, they define the values in a system. - Legality of cryptocurrency by country or territory
No Unauthorized Use. You agree not to allow anyone to use your Wallet or share your credentials with any other person for the purpose of ... - Authentication for privately hosted packages and repositories
Two bills in particular, the Financial Innovation and Technology (FIT) for the 21st Century Act and the Blockchain Regulatory Certainty Act ... - How are crypto regulations changing around the world?
Let's make the application actually secure, using JWT tokens and secure password hashing. This code is something you can actually use in your application. - What exactly are limited time tokens? Do they expire at the ...
Legal tender (bitcoin is officially recognized as a medium of exchange) ; Permissive (legal to use bitcoin, with minimal or no restrictions) ; Restricted (some ... - How to use external api access tokens without exposing ...
Access tokens can't be revoked and are valid until their expiry. A malicious actor that has obtained an access token can use it for extent of ... - Introduction to tokens | Vault
... tokens using the Restrict changes to repository settings dropdown. ... For project or repository tokens, you must only use Bearer Auth without the ... - OAuth2 with Password (and hashing), Bearer with JWT ...
Tokens without restrictions will work for requests originating from any URL. (emphasis my own). They require the access token on the client side ... - Group access tokens
Network tokenization promises merchants reduced fraud rates, increased payment success, and a better payment experience. Learn more about network tokens.
... tokens using the Restrict changes to repository settings dropdown. ... For project or repository tokens, you must only use Bearer Auth without the ...
And no limit to how many times a single token can be referenced. This allows ... Sometimes known as global tokens, they define the values in a system.
No Unauthorized Use. You agree not to allow anyone to use your Wallet or share your credentials with any other person for the purpose of ...
Two bills in particular, the Financial Innovation and Technology (FIT) for the 21st Century Act and the Blockchain Regulatory Certainty Act ...
Let's make the application actually secure, using JWT tokens and secure password hashing. This code is something you can actually use in your application.
Legal tender (bitcoin is officially recognized as a medium of exchange) ; Permissive (legal to use bitcoin, with minimal or no restrictions) ; Restricted (some ...
Access tokens can't be revoked and are valid until their expiry. A malicious actor that has obtained an access token can use it for extent of ...
... tokens using the Restrict changes to repository settings dropdown. ... For project or repository tokens, you must only use Bearer Auth without the ...
Tokens without restrictions will work for requests originating from any URL. (emphasis my own). They require the access token on the client side ...
Network tokenization promises merchants reduced fraud rates, increased payment success, and a better payment experience. Learn more about network tokens.