72

I am trying to install a Github project using composer and get the following error:

Composer [UnexpectedValueException] Your Github oauth token for github.com contains invalid characters: ""

Can anyone explain what I need to do to correct this error?

I am using the following command:

composer create-project --prefer-dist --stability=dev \
    vova07/yii2-start yii2-start

Thank you.

hakre
  • 193,403
  • 52
  • 435
  • 836
Lloyd
  • 731
  • 1
  • 5
  • 4
  • 2
    The new answer with `composer self-update` was helpful for me: https://stackoverflow.com/a/67828227/470749 – Ryan Jun 10 '21 at 17:01

14 Answers14

88

I started getting a similar error and the reason was that Github recently changed the format of their auth tokens:

https://github.blog/changelog/2021-03-31-authentication-token-format-updates-are-generally-available/

To resolve the error:

  1. Find the composer/auth.json file (if you're running the project in a container, you'll have to bash into it and find the file in there)
  2. Remove its github.com entry. Your file will probably look like the following after removing the entry: {"github-oauth": {}}
  3. Run composer self-update. The issue got resolved in version 2.0.12. See the first item in the changelog for that version here: https://getcomposer.org/changelog/2.0.12

After that, you can restore your composer/auth.json file to its initial state as the newer version of composer will recognize the new key format.

rafaelbiten
  • 6,074
  • 2
  • 31
  • 36
78

You can try Basic Auth instead:

Change this (oauth):

  "github-oauth": {
    "github.com": "ghp_[YOUR-PERSONAL-TOKEN]"
  }

To this (basic auth):

  "http-basic": {
    "github.com": {
      "username": "[YOUR-GITHUB-USERNAME]",
      "password": "ghp_[YOUR-PERSONAL-TOKEN]"
    }
  }

You can find instructions on how to create a Personal Access Token

Inspired from github docs. Apparently, you can use Basic Authentication with a Personal Access token instead of oauth in some cases (e.g. like mine: installing a private git repo with composer).

kevnk
  • 18,733
  • 3
  • 28
  • 30
  • 6
    Unless you can update Composer to v2, this is the only working solution. Thanks! – gyo Apr 12 '21 at 12:40
  • 1
    Worked for me, I had to update the file `/root/.composer/auth.json` in my Docker container (not on my PC) using an editor like vim, then it worked. – Paul Apr 14 '21 at 17:47
  • It worked for me after updating .compoer/auth.json as mentioned – Praveen Govind Apr 19 '21 at 15:30
40

I fixed it.

Goto C:\Users\XXXXX\AppData\Roaming\Composer

Open the auth.json

delete the github.com entry under "github-oauth": {}

That's it.

Ruchir Mehta
  • 417
  • 4
  • 2
  • 4
    Composer seem to do a rather aggressive validation on tokens. So aggressive, that updating my GitHub token to the new format yielded this error to me. I was running Composer 2.0.8 and I had to remove the token and update to Composer 2.0.12 and the re-apply the token. – Niklas Ekman Apr 06 '21 at 09:30
  • @NiklasEkman how did you solve it? i tried removing the github.com but it did'nt work. can you shae your structure? – Thiago Dias Apr 06 '21 at 13:56
  • @Thiago Follow the instructions in the answer above. After you've deleted the `github-auth` entry, run `composer self-update` and then add whatever you deleted back to the file. – Niklas Ekman Apr 07 '21 at 15:00
  • I've comment an update for this answer, please check. – fudu Apr 13 '21 at 07:11
  • File does not exist at the specified location. – Paul Apr 13 '21 at 23:38
  • @ruchir.mehta I am receiving this error after applying your solution. Thanks for the location of the file by the way. I was having difficulty in finding. [Seld\JsonLint\ParsingException] "C:/Users/umair/AppData/Roaming/Composer/auth.json" does not contain valid JSON Parse error on line 1: "github-oauth": {} -------------^ Expected one of: 'EOF', '}', ',', ']' – Umair May 01 '21 at 14:35
  • This is not a solution. If you need authentication, composer will ask for a token and the problem is created again. – Stephan Vierkant Jun 22 '21 at 07:25
  • Thank you. Solved my problem 2 times. – Abdellah Ramadan Oct 15 '21 at 15:36
18

Update answer for Masiorama and Ruchir Mehta:

If you looking for file auth.json but don't know how, use this command:

locate auth.json

And here's the result:
You can see that auth.json will look like this:

/home/{your user name}/.config/composer/auth.json

enter image description here

Then you could use this command to edit the file:

sudo gedit /home/dev/.config/composer/auth.json

And remove content inside github-oauth. enter image description here

Masiorama
  • 1,066
  • 17
  • 26
fudu
  • 617
  • 1
  • 10
  • 19
14

If you're on MacOS, the auth.json file is at ~/.composer/auth.json. Then from there, you can remove the value for github-oauth. I tried fully deleting the file but I got a parse error, Expected one of: 'STRING', 'NUMBER', 'NULL', 'TRUE', 'FALSE', '{', '['. Your auth.json file should look like this:

{
        "github-oauth": {}
}

This is similar to other answers posted but I wasn't able to use the locate command on MacOS so this might be helpful to other Mac users

Paulina Khew
  • 397
  • 4
  • 13
7

This error recently popped up from nowhere.

Simply deleting the whole auth file worked for me..! Not sure why / when it appeared in the first place.

~/.composer/auth.json

00-BBB
  • 746
  • 7
  • 24
5

As far as I know (I'm a beginner with composer too), the problem is with your authentication, so you have to fix your credentials in auth.json inside path-to-composer/.composer/

Inside you will find a json which will probably looks like:

{
  "github-oauth": {
    "github.com": null
  }
}

Fix that and you should be ok ;)

Masiorama
  • 1,066
  • 17
  • 26
  • 4
    If you do not know how to fix manually, an easier solution would be to completely erase the auth.json. This way, it will try to recreate the credentials the next time you prepare a project. ;) – Masiorama Nov 03 '14 at 11:10
  • 5
    for those on linux looking on the above path: ` ~/.config/composer/auth.json` wrestled a lot with find this today :) – Johhn Apr 07 '21 at 15:13
  • 1
    I've comment an update for this answer, please check. – fudu Apr 13 '21 at 07:11
3

The solution is just to upgrade your Composer version using command composer self-update.

Ryan
  • 22,332
  • 31
  • 176
  • 357
Alhiane
  • 101
  • 1
  • 2
  • 9
  • Today `composer self-update` didn't work for me even though I think it did in the past since I see that I'd already upvoted this answer. Today https://stackoverflow.com/a/68149438/470749 helped. – Ryan Aug 25 '21 at 18:50
3

Go to C:\Users\UserName\AppData\Roaming\Composer Open the auth.json file. Clear everything and paste the below code

{
"bitbucket-oauth": {},
"github-oauth": {},
"gitlab-oauth": {},
"gitlab-token": {},
"http-basic": {},
"bearer": {}
}

I hope it will be solved

Slava Rozhnev
  • 9,510
  • 6
  • 23
  • 39
Tanvir Hossen Bappy
  • 132
  • 4
3

I run in the same problem after upgrading githup api token to the new format. The answer is you need to upgrade composer version 1.10.21 or higher that fixes this problem.

Radon8472
  • 4,285
  • 1
  • 33
  • 41
  • 2
    To give more details, at first, remove the key from file ```~/.composer/auth.json``` => ```"github-oauth": {}```. Then, update composer to the latest needed major version. For instance, if you need version 1: ```composer self-update --1``` and you will be good to go. – Alliswell Sep 27 '21 at 10:39
  • The solution was to change the auth-method like answered here: https://stackoverflow.com/a/67041384/2377961 – Radon8472 Oct 15 '21 at 15:30
2

Same solution as the answer of Paulina Khew but with command lines on MacOS :

cd ~/.composer/
nano auth.json

Delete what is inside th bracket :

{
        "github-oauth": {}
}

When you're ready to save the file, hold down the Ctrl key and press the letter O

Press the Enter key on your keyboard to save.

When finished, press Ctrl + X to close nano and return to your shell.

Sébastien Gicquel
  • 4,227
  • 7
  • 54
  • 84
2

Edit the composer authentication configuration file ~/.composer/auth.json

Then replace the following.

"http-basic": {
  "github.com": {
    "username": "[YOUR-GITHUB-USERNAME]",
    "password": "ghp_[YOUR-PERSONAL-TOKEN]"
  }
}

Now run the command composer install

Harshil Patanvadiya
  • 151
  • 1
  • 6
0

That's a bug.

If you have Debian or Ubuntu, try this patch. Otherwise read the last line.

Quick copy-paste patch

If you have Debian 10 buster or Ubuntu 20.LTS or similar distributions, try this copy-paste command:

wget https://gist.githubusercontent.com/valerio-bozzolan/84364c28a3bba13751c504214016adcf/raw/c1356d529c89c10de4c959058e2e86ffe58fa407/fix-composer.patch -O /tmp/fix-composer.patch
sudo patch /usr/share/php/Composer/IO/BaseIO.php /tmp/fix-composer.patch

If it does not work, write it in the comments.

Step-by-step explaination

Your Composer version has a bug: you are able to save a valid GitHub token, but then it's not able to read that token again because Composer thinks that your GitHub token cannot contain underscores or stuff like that. Moreover, it's strange that Composer checks its syntax only the second time. Why? that's another story.

The fix is simple. You can temporary disable that wrong validation in your Composer version. Also because GitHub is a proprietary service and their specifications can change over time (as you demonstrated today). So it makes sense not to validate the syntax of GitHub tokens. The only person who should hard-validate GitHub tokens is GitHub itself, not Composer.

If you installed Composer via apt install composer, probably you will not have any update available and surely you cannot use self-update because Composer is read-only for security reasons (and for a similar reason, you should not execute Composer from root). Instead, you can create a safe hot-patch to fix that specific issue.

To create a patch, create a file called /tmp/fix-composer.patch with this exact content:

103,105c103,105
<             if (!preg_match('{^[.a-z0-9]+$}', $token)) {
<                 throw new \UnexpectedValueException('Your github oauth token for '.$domain.' contains invalid characters: "'.$token.'"');
<             }
---
> //            if (!preg_match('{^[.a-z0-9]+$}', $token)) {
> //                throw new \UnexpectedValueException('Your github oauth token for '.$domain.' contains invalid characters: "'.$token.'"');
> //

That content can also be seen from here:

https://gist.github.com/valerio-bozzolan/84364c28a3bba13751c504214016adcf

Then run this command to apply that patch:

sudo patch /usr/share/php/Composer/IO/BaseIO.php /tmp/fix-composer.patch

If it does not work, probably you have not installed composer via apt.

In short, whatever operating system, and whatever installation method, locate the file BaseIO.php in your Composer and comment out the validation check.

Valerio Bozz
  • 1,176
  • 16
  • 32
0

If you are using Composer 1 and Magento is latest version.Than upgrade your composer version 2.

Anees
  • 101
  • 4
  • This does in fact not only affects historic versions in the `--1` channel, but also in the channels of `--2` and `--2.2`. Updating however is not a bad idea, albeit other answers cover that already. Looks more like a comment to me than an answer. – hakre Jun 09 '23 at 20:22