I am trying to install a github project using composer and get the following error
Composer [UnexpectedValueException] Your Github oauth token for github.com contains invalid characters: ""
Can anyone explain what I need to do to correct this error?
I am using the following command
composer create-project --prefer-dist --stability=dev vova07/yii2-start yii2-start
Thank you
composer self-update
was helpful for me: stackoverflow.com/a/67828227/470749
I started getting a similar error and the reason was that Github recently changed the format of their auth tokens:
To resolve the error:
Find the composer/auth.json file (if you're running the project in a container, you'll have to bash into it and find the file in there) Remove its github.com entry. Your file will probably look like the following after removing the entry: {"github-oauth": {}} Run composer self-update. The issue got resolved in version 2.0.12. See the first item in the changelog for that version here: https://getcomposer.org/changelog/2.0.12
After that, you can restore your composer/auth.json
file to its initial state as the newer version of composer will recognize the new key format.
You can try Basic Auth instead:
Change this (oauth):
"github-oauth": {
"github.com": "ghp_[YOUR-PERSONAL-TOKEN]"
}
To this (basic auth):
"http-basic": {
"github.com": {
"username": "[YOUR-GITHUB-USERNAME]",
"password": "ghp_[YOUR-PERSONAL-TOKEN]"
}
}
You can find instructions on how to create a Personal Access Token
Inspired from github docs. Apparently, you can use Basic Authentication with a Personal Access token instead of oauth in some cases (e.g. like mine: installing a private git repo with composer).
/root/.composer/auth.json
in my Docker container (not on my PC) using an editor like vim, then it worked.
I fixed it.
Goto C:\Users\XXXXX\AppData\Roaming\Composer
Open the auth.json
delete the github.com entry under "github-oauth": {}
That's it.
github-auth
entry, run composer self-update
and then add whatever you deleted back to the file.
Update answer for Masiorama and Ruchir Mehta: If you looking for file auth.json but don't know how, use this command:
locate auth.json
And here's the result: You can see that auth.json will look like this:
/home/{your user name}/.config/composer/auth.json
https://i.stack.imgur.com/mvnfA.png
Then you could use this command to edit the file:
sudo gedit /home/dev/.config/composer/auth.json
https://i.stack.imgur.com/WTcZ8.png
If you're on MacOS, the auth.json
file is at ~/.composer/auth.json
. Then from there, you can remove the value for github-oauth
. I tried fully deleting the file but I got a parse error, Expected one of: 'STRING', 'NUMBER', 'NULL', 'TRUE', 'FALSE', '{', '['
. Your auth.json
file should look like this:
{
"github-oauth": {}
}
This is similar to other answers posted but I wasn't able to use the locate
command on MacOS so this might be helpful to other Mac users
This error recently popped up from nowhere.
Simply deleting the whole auth file worked for me..! Not sure why / when it appeared in the first place.
~/.composer/auth.json
As far as I know (I'm a beginner with composer too), the problem is with your authentication, so you have to fix your credentials in auth.json inside path-to-composer/.composer/
Inside you will find a json which will probably looks like:
{
"github-oauth": {
"github.com": null
}
}
Fix that and you should be ok ;)
The solution is just to upgrade your Composer version using command composer self-update
.
composer self-update
didn't work for me even though I think it did in the past since I see that I'd already upvoted this answer. Today stackoverflow.com/a/68149438/470749 helped.
Same solution as the answer of Paulina Khew but with command lines on MacOS :
cd ~/.composer/
nano auth.json
Delete what is inside th bracket :
{
"github-oauth": {}
}
When you're ready to save the file, hold down the Ctrl key
and press the letter O
Press the Enter
key on your keyboard to save.
When finished, press Ctrl + X
to close nano and return to your shell.
Go to C:\Users\UserName\AppData\Roaming\Composer Open the auth.json file. Clear everything and paste the below code
{
"bitbucket-oauth": {},
"github-oauth": {},
"gitlab-oauth": {},
"gitlab-token": {},
"http-basic": {},
"bearer": {}
}
I hope it will be solved
I run in the same problem after upgrading githup api token to the new format. The answer is you need to upgrade composer version 1.10.21 or higher that fixes this problem.
~/.composer/auth.json
=> "github-oauth": {}
. Then, update composer to the latest needed major version. For instance, if you need version 1: composer self-update --1
and you will be good to go.
Edit the composer authentication configuration file ~/.composer/auth.json
Then replace the following.
"http-basic": {
"github.com": {
"username": "[YOUR-GITHUB-USERNAME]",
"password": "ghp_[YOUR-PERSONAL-TOKEN]"
}
}
Now run the command composer install
That's a bug.
If you have Debian or Ubuntu, try this patch. Otherwise read the last line.
Quick copy-paste patch
If you have Debian 10 buster or Ubuntu 20.LTS or similar distributions, try this copy-paste command:
wget https://gist.githubusercontent.com/valerio-bozzolan/84364c28a3bba13751c504214016adcf/raw/c1356d529c89c10de4c959058e2e86ffe58fa407/fix-composer.patch -O /tmp/fix-composer.patch
sudo patch /usr/share/php/Composer/IO/BaseIO.php /tmp/fix-composer.patch
If it does not work, write it in the comments.
Step-by-step explaination
Your Composer version has a bug: you are able to save a valid GitHub token, but then it's not able to read that token again because Composer thinks that your GitHub token cannot contain underscores or stuff like that. Moreover, it's strange that Composer checks its syntax only the second time. Why? that's another story.
The fix is simple. You can temporary disable that wrong validation in your Composer version. Also because GitHub is a proprietary service and their specifications can change over time (as you demonstrated today). So it makes sense not to validate the syntax of GitHub tokens. The only person who should hard-validate GitHub tokens is GitHub itself, not Composer.
If you installed Composer via apt install composer
, probably you will not have any update available and surely you cannot use self-update
because Composer is read-only for security reasons (and for a similar reason, you should not execute Composer from root
). Instead, you can create a safe hot-patch to fix that specific issue.
To create a patch, create a file called /tmp/fix-composer.patch
with this exact content:
103,105c103,105
< if (!preg_match('{^[.a-z0-9]+$}', $token)) {
< throw new \UnexpectedValueException('Your github oauth token for '.$domain.' contains invalid characters: "'.$token.'"');
< }
---
> // if (!preg_match('{^[.a-z0-9]+$}', $token)) {
> // throw new \UnexpectedValueException('Your github oauth token for '.$domain.' contains invalid characters: "'.$token.'"');
> //
That content can also be seen from here:
https://gist.github.com/valerio-bozzolan/84364c28a3bba13751c504214016adcf
Then run this command to apply that patch:
sudo patch /usr/share/php/Composer/IO/BaseIO.php /tmp/fix-composer.patch
If it does not work, probably you have not installed composer
via apt
.
In short, whatever operating system, and whatever installation method, locate the file BaseIO.php
in your Composer and comment out the validation check.
Success story sharing
php /usr/local/bin/composer self-update
from within the container where I have the project running and it worked for me.~/.composer/auth.json
with{}
to get passed the error. stackoverflow.com/a/38746307/569976 talks about where to find this directory YMMYgithub-oauth
line from the~/.config/composer/auth.json
file, run composer self-update and the add the removed line back to auth.json