Removed github oauth token in sample file. The token is a personal token and should not be used on the application level. #20887
Conversation
Hi @hostep. Thank you for your contribution.
For more details, please, review the Magento Contributor Assistant documentation.
Hello, @hostep,
thank you for your contribution.
This is a really good point.
The auth.json.sample is rather an example file that should meet the basic needs of a user in the authentication for repo.magento.com in order to install third-party Composer packages.
I guess we should remove the optional section matching the specific developer's needs.
Hi @dmytro-ch, thank you for the review.
Hi @hostep, thank you for your contribution!
Description (*)
This is a follow-up to Pull Request #20416.

As discussed in #20416 (comment), the github oauth token is a personal token. It should be used on user level in the system and not on application level. The `auth.json` file in the Magento root directory represents the application level. After reading the Magento documentation around this, it looks like it is communicated correctly in there, where it says the `auth.json` file with the github oauth token should be in your user directory, which is correct. So I don't think the documentation needs to be changed.

We could however add a link on the documentation to https://getcomposer.org/doc/articles/troubleshooting.md#api-rate-limit-and-oauth-tokens, to better explain why the github oauth token is needed.

Let me know if you think this needs to happen and I'll try to create a PR to the devdocs repo as well.

The reason why this PR is created is because Magento users sometimes commit the `auth.json` file to the VCS, and if you add your github oauth token in that file and let your co-workers use the same token because it was added to VCS, then we have some sort of security-related problem where users other than yourself use your personal github oauth token. We shouldn't advise users of Magento to follow this practice.
/cc @brendanfalkowski, @okorshenko
Fixed Issues (if relevant)
Not relevant
Manual testing scenarios (*)
Not relevant
Contribution checklist (*)
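The application-level versus user-level distinction above is easy to check mechanically before an `auth.json` is committed. The following is an added example written for this page, not code from the Magento project or from PR #20887; it assumes Composer's standard `auth.json` layout (`http-basic` and `github-oauth` sections), treats `repo.magento.com` as the only host expected in the project-level file, and uses constructed sample contents with placeholder values.

```python
"""Flag credentials in a Magento-root auth.json that belong in the user's
$COMPOSER_HOME/auth.json instead.

Added example, not part of PR #20887. File layout follows Composer's auth.json
format; the sample contents and the expected-host list are assumptions."""
import json
from typing import Dict, List

# Assumption: the project-level auth.json only needs the repo.magento.com
# http-basic keys used to install Composer packages.
EXPECTED_HTTP_BASIC_HOSTS = {"repo.magento.com"}


def find_user_level_credentials(auth_json_text: str) -> List[str]:
    """Return findings for sections that should live in the user-level
    auth.json rather than in the project-level file (empty list if clean)."""
    data: Dict = json.loads(auth_json_text)
    findings: List[str] = []
    # A github-oauth entry is a personal token tied to one developer's
    # GitHub account, so it must not be shared via the project repository.
    for host in data.get("github-oauth", {}):
        findings.append(
            f"github-oauth token for {host} is personal; move it to user-level auth.json"
        )
    # http-basic entries for any other host are treated as suspect as well.
    for host in data.get("http-basic", {}):
        if host not in EXPECTED_HTTP_BASIC_HOSTS:
            findings.append(
                f"http-basic credentials for {host} do not belong in the application-level file"
            )
    return findings


# Constructed sample resembling the old auth.json.sample discussed in the PR.
OLD_SAMPLE = json.dumps({
    "http-basic": {"repo.magento.com": {"username": "<public-key>", "password": "<private-key>"}},
    "github-oauth": {"github.com": "<personal-token-placeholder>"},
})

# Constructed sample with the github-oauth section removed, as this PR does.
CLEAN_SAMPLE = json.dumps({
    "http-basic": {"repo.magento.com": {"username": "<public-key>", "password": "<private-key>"}},
})

if __name__ == "__main__":
    for name, text in (("old sample", OLD_SAMPLE), ("clean sample", CLEAN_SAMPLE)):
        print(name, find_user_level_credentials(text) or "OK")
```

Run against the file in the Magento root (for example from a pre-commit hook) to catch a personal token before it reaches the VCS.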