Improve auth.json.sample #20416
Hi @brendanfalkowski. Thank you for your contribution
For more details, please, review the Magento Contributor Assistant documentation
Hi @okorshenko, thank you for the review.
Hi @brendanfalkowski, thank you for your contribution!
Hi @brendanfalkowski. Thank you for your contribution.
@brendanfalkowski: I don't really agree with the GitHub OAuth token in this sample file. Composer has a user-specific configuration file for that, usually in your home directory: I think this could turn out to be a sort of security problem when people put their personal GitHub OAuth token in the In my opinion the Thoughts? Other opinions?
@hostep Thanks for writing about this. The security implications make sense, but from my personal experience when Magento did not provide any guidance on Composer and GitHub auth that made Magento even harder to install. For someone who rarely uses Composer (a frontend developer like me) having a complete configuration file eases the introduction and might still be necessary on the server depending on how code is deployed. I created a PR for Dev Docs a few weeks ago that expanded this part of the documentation, and asked for feedback on whether GitHub personal access tokens were actually the best method. It was the only thing I found that worked, but there was no feedback on the changes when it was approved. I made this PR following the same idea that providing more information in context gives an inexperienced person hints at what they're missing. I don't think things like this should be exclusively in code or documentation, but both to improve awareness. Personally I am using the "home directory" and "project directory" Composer auth.json in different projects without committing them to Git. I faced the same issue of Environments and configuration is not an area I work on, but security is more important than ease of use. If Magento decides to amend the sample file then that's fine. I would like to see the Dev Docs become more accurate and opinionated because that also removes confusion when you have to be open to multiple ways of working.
Thanks for the feedback, I'll have a look in the documentation to see if this can be explained better (maybe later this week). You are correct in that you (sometimes) need GitHub personal access tokens (even on non-Magento projects), but the place where you should store them would be in your user configuration and not in the project configuration in my opinion.
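The concern raised in the comments above, a real token ending up in a project-level auth.json, can be checked mechanically before a commit or deploy. This is an added example, not code from this PR or from Magento: a Python check that reports which entries of an auth.json hold non-placeholder values. The angle-bracket placeholder convention and both sample files are assumptions constructed for illustration.

```python
import json
import re

# Assumption: sample files mark unfilled values with angle-bracket
# placeholders such as "<public-key>"; anything else is treated as live.
PLACEHOLDER = re.compile(r"^\s*(<[^<>]*>)?\s*$")


def live_credentials(auth_json_text):
    """Return the paths of string values that look like real secrets.

    Only paths are returned, never the values, so the result is safe to log.
    """
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, path + [key])
        elif isinstance(node, list):
            for index, child in enumerate(node):
                walk(child, path + [str(index)])
        elif isinstance(node, str) and not PLACEHOLDER.match(node):
            findings.append(" > ".join(path))

    walk(json.loads(auth_json_text), [])
    return findings


# Constructed inputs: a sample-style file and a filled-in project file.
SAMPLE = """{
    "github-oauth": {"github.com": "<github-personal-access-token>"},
    "http-basic": {
        "repo.magento.com": {"username": "<public-key>", "password": "<private-key>"}
    }
}"""

FILLED = """{
    "github-oauth": {"github.com": "constructed-token-not-real"},
    "http-basic": {
        "repo.magento.com": {"username": "<public-key>", "password": "constructed-secret"}
    }
}"""

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE), ("filled", FILLED)):
        hits = live_credentials(text)
        print(name, "OK" if not hits else "live values at: " + ", ".join(hits))
```

Run against a project's auth.json in a pre-commit hook or CI step, a non-empty result means the file holds real credentials and should not be committed.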
Description (*)
auth.json.sample was indented with 3-spaces not the normal 4-spaces for JSON, which was corrected.
Manual testing scenarios (*)
None. File is non-executable and is a sample of this environment file.
Contribution checklist (*)