Question
GitHub has started sending emails about deprecated authentication, but I have not yet found a resource detailing what composer's auth.json should look like under the new regime.
My requirements are relatively simple - using composer to update a Symfony application in development and occasionally experimenting with other repos.
With this, my original configuration (automatically built)...
{
    "github-oauth": {
        "github.com": "(a string)"
    }
}
... I receive this warning:
...your personal access token...was used as part of a query parameter to access an endpoint through the GitHub API...Please use the Authorization HTTP header instead...
But when I try with this other configuration:
{
    "http-basic": {
        "github.com": {
            "username": " my email address",
            "password": " my password "
        }
    }
}
I receive this other warning:
You recently used a password to access an endpoint through the GitHub API using Composer/1.9.1 ...We recommend using a personal access token (PAT) with the appropriate scope to access this endpoint instead.
What should it really look like and why am I getting these deprecation warnings?
Answer 1:
Of these two configurations, the first is the correct one.
The "string" should be your Personal Access Token (PAT), configured with the appropriate access scopes on GitHub.
To configure the scopes for your token you need to visit your GitHub Developer Settings -> Personal Access Tokens.
The second format attempts to authenticate sending your username and password instead of a generated token. That's a bad security practice, and should not be done.
But the main reason you are getting the first warning is because you are running an old composer version.
You need to update to the 1.9.3 version, where this was fixed. On previous versions you may get the deprecation warning nonetheless because of how composer connects to GitHub.
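The following check is an added example, not part of the original answer or of Composer itself: it audits an auth.json document for the two problems discussed above (password-based `http-basic` for github.com, and a Composer release older than 1.9.3). The function names, finding codes and sample documents are assumptions constructed for illustration.

```python
import json
import re

FIXED_VERSION = (1, 9, 3)  # release the answer above names as containing the fix
HOST = "github.com"

# Constructed samples mirroring the two configurations in the question.
OAUTH_SAMPLE = '{"github-oauth": {"github.com": "<personal-access-token>"}}'
BASIC_SAMPLE = ('{"http-basic": {"github.com": '
                '{"username": "<email>", "password": "<password>"}}}')


def _entry(cfg, section):
    """Return cfg[section][HOST], tolerating a missing or non-object section."""
    value = cfg.get(section) if isinstance(cfg, dict) else None
    return value.get(HOST) if isinstance(value, dict) else None


def audit(auth_json_text, composer_version):
    """Return (code, message) findings for one auth.json and Composer version."""
    cfg = json.loads(auth_json_text)
    findings = []
    if _entry(cfg, "http-basic") is not None:
        findings.append(("password-auth",
                         "http-basic entry for github.com sends the account "
                         "password; replace it with a github-oauth token"))
    if not _entry(cfg, "github-oauth"):
        findings.append(("no-token", "no github-oauth token for github.com"))
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", composer_version)
    if match is None:
        findings.append(("bad-version", "unrecognised version string"))
    elif tuple(map(int, match.groups())) < FIXED_VERSION:
        findings.append(("old-composer",
                         "Composer older than 1.9.3 can still trigger the "
                         "query-parameter deprecation warning; self-update"))
    return findings


if __name__ == "__main__":
    # Hypothetical run against both samples with the version from the question.
    for name, sample in (("oauth", OAUTH_SAMPLE), ("basic", BASIC_SAMPLE)):
        for code, message in audit(sample, "1.9.1"):
            print(f"{name}: [{code}] {message}")
```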
Answer 2:
Update composer and the error will disappear:
php composer.phar self-update
or
composer self-update
Source: https://stackoverflow.com/questions/60179378/when-composer-connects-to-github-i-receive-a-warning-about-a-deprecation-authent