Author: Manuel Lemos
Viewers: 145
Last month viewers: 50
Categories: PHP Tutorials
Read this article to learn how it works and how you can use this feature to automate the installation of packages from PHP Classes and other Composer repositories that may require password based authentication.
Contents
Password Based Access to Composer Repositories
Automating the Access to Password Protected Repositories
Composer Passwords versus User Passwords
Password Based Access to Composer Repositories
There are several public package repositories packages running Composer like Packagist, PHP Classes or even JS Classes, but some projects need to retrieve packages from private repositories with code that is not supposed to made available to the public because they contains sensitive business information.
Private repositories are often protected with passwords, so only authorized users can access them.
In PHP Classes and JS Classes part of the packages also require the user to authenticate with a password, so the site can track which user is downloading each package. This is an optional feature that each author may keep or remove.
Many authors prefer to keep it, so the site can make an accurate counting of unique users that download each package. This makes it possible for the site to notify users by email when the packages are updated.
Automating the Access to Password Protected Repositories
Composer can access repositories protected with passwords. However, until recently, every time the user needed to install or update packages from protected repositories, the user had to enter the password manually again, thus making this a tedious and frustrating experience.
Early this year I have developed a PHP package that works as Composer plug-in to install asset files outside the vendor directory, like JavaScript, CSS and image files.
Additionally this plug-in package is able to automate the login in Composer repositories by reading passwords from a configuration file. This was a step forward to solve the problem of Composer authentication automation, but it was not an ideal solution for all developers because it would require them to install this package first.
Finally Jordi Boggiano of Composer fame has committed a patch submitted Stephan Hochdörfer of bitExpert to add built-in support to automate Composer authenticated access to password based repositories, as well added some other nice improvements.
These improvements can make Composer read user names and passwords from a file named auth.json located in the Composer home directory or in the current directory of your project composer.json file.
You do not have to create the auth.json file manually. To make your life simpler, Composer can prompt the user to enter the user name and password and then it asks if you want it to save those credentials to auth.json file.
Alternatively you can also configure the authentication credentials using this Composer command:
composer config www.phpclasses.org username password
If you are concerned with security matters and do not want passwords to be stored in files, you can configure Composer to never save passwords to the auth.json file using this command:
composer config -g store-auths false
Composer Passwords versus User Passwords
For security reasons it is safer to not use the same passwords for Composer as the ones used in sites. Therefore the PHP Classes and JS Classes sites Composer repositories require that each user enters passwords that are not the same as the ones they use to login in the site.
Those are random passwords generated by the site. You can install any package with the same password. Each of the sites has its own password for each user, even for users that are the same in PHP Classes and JS Classes.
To know what is your Composer password, go on the page of the package you want to install and click on the link that says Install with Composer. That page shows your user name and Composer password.
Soon the user interface of the package pages of PHP Classes and JS Classes sites will be improved significantly. So if you are reading this after the new package page design was deployed, you should go on the Download tab and click on the Install with Composer link.
By the way, the new package page design is almost ready for the final beta testing period. If you are willing to test it and give some feedback before it is launched, please go on the this page, fill the form with your details and wait a little bit to be contacted.
You need to be a registered user or login to post a comment
1,616,683 PHP developers registered to the PHP Classes site.
Be One of Us!
Login Immediately with your account on:
Comments:
2. class - reza (2014-06-01 22:01)
tnx... - 0 replies
Read the whole comment and replies
1. well done - Mantas (2014-05-29 20:28)
nice job... - 1 reply
Read the whole comment and replies