Support for GitHub two-factor authentication

[hkdobrev]

Sometimes when composer fetches data from GitHub it needs your credentials to go over the API rate limit.

It will ask for your username and password and it says it exchanges them for an OAuth token.

But when the user has enabled two-factor authentication on their account this workflow no longer works. The password is not enough to obtain a token anymore. There are some basic explanations here: https://help.github.com/articles/providing-your-2fa-security-code#through-the-command-line

IMHO it should always ask directly for a token which the user should generate manually on github.com (instead of trusting composer it would not use the password for malicious purposes).

[Seldaek]

Yes now that it's easily possible to create tokens on the site, it would indeed make more sense than asking for passwords.

[hkdobrev]

Just to elaborate more on this issue.

I was able to make the API request work when I disabled my 2FA, gave my password and then enabled it again.

Also when I wasn't able to make composer ask for my token directly, I have tried to write it directly in ~/.composer/config.json, but I couldn't guess the format easily.

[nicbaz]

Ran into this problem today, as a temporary workaround you can manually update ~/.composer/config.json :

{
    "config": {
        "github-oauth": {
            "github.com": "<your access token here>"
        }
    }
}

[killua99]

Guys something new about this? ...

[Seldaek]

This has been fixed a month ago.