当 Composer 连接到 GitHub 时,我收到关于弃用身份验证方法的警告.我应该使用什么身份验证配置?
GitHub 已开始发送有关已弃用身份验证的电子邮件,但我尚未找到详细说明 composer 的 auth.json
在新制度下应该是什么样子的资源.
GitHub has started sending emails about deprecated authentication but I have not yet found a resource for detailing what composer's auth.json
should look like under the new regime.
我的要求相对简单——使用 composer 更新开发中的 Symfony 应用程序,并偶尔尝试其他 repos.
My requirements are relatively simple - using composer to update a Symfony application in development and occasionally experimenting with other repos.
有了这个,我原来的配置(自动搭建)...
With this, my original configuration (automatically built)...
{
"github-oauth": {
"github.com": "(a string)"
}
}
...我收到此警告:
...您的个人访问令牌...被用作查询参数的一部分通过 GitHub API 访问端点...请使用而是授权 HTTP 标头...
...your personal access token...was used as part of a query parameter to access an endpoint through the GitHub API...Please use the Authorization HTTP header instead...
但是当我尝试使用其他配置时:
But when I try with this other configuration:
{
"http-basic": {
"github.com": {
"username": " my email address",
"password": " my password "
} }
}
我收到另一个警告:
您最近使用密码通过 GitHub 访问端点API 使用 Composer/1.9.1 ...我们建议使用个人访问令牌(PAT) 具有适当的范围来访问此端点.
You recently used a password to access an endpoint through the GitHub API using Composer/1.9.1 ...We recommend using a personal access token (PAT) with the appropriate scope to access this endpoint instead.
它应该是什么样子?为什么我会收到这些弃用警告?
What should it really look like and why am I getting these deprecation warnings?
推荐答案
这两种配置,第一种是正确的.
Of these two configurations, the first is the correct one.
字符串"应该是您的个人访问令牌 (PAT),使用 GitHub 上的适当访问范围.
The "string" should be your Personal Access Token (PAT), configured with the appropriate access scopes on GitHub.
要配置令牌的范围,您需要访问 GitHub 开发人员设置 -> 个人访问令牌.
To configure the scopes for your token you need to visit your GitHub Developer Settings -> Personal Access Tokens.
第二种格式尝试验证发送您的用户名和密码而不是生成的令牌.这是一种糟糕的安全做法,不应该这样做.
The second format attempts to authenticate sending your username and password instead of a generated token. That's a bad security practice, and should not be done.
但您收到第一个警告的主要原因是您运行的是旧版作曲家.
But the main reason you are getting the first warning is because you are running an old composer version.
您需要更新到1.9.3版本,解决此问题的地方.尽管如此,在以前的版本中,由于 composer 连接到 GitHub 的方式,您可能会收到弃用警告.
You need to update to the 1.9.3 version, where this was fixed. On previous versions you may get the deprecation warning nonetheless because of how composer connects to GitHub.
相关文章