Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Generate a GitHub Personal Access Token for Private Composer Packages

Generate a GitHub Personal Access Token for Private Composer Packages

If you're trying to load a private repository with Composer/Laravel, we'll need to generate a GitHub Personal Access Token (similar to OAuth token) to access the repository during a composer install without entering credentials.

If you have used other Github packages from {my-org} before, you may be able to skip this step.

  1. Visit

  2. Click Generate new token.

     Token Description: (your computer name)
         [X] repo
             [X] repo:status
             [X] repo_deployment
             [X] public_repo
             [X] repo:invite
  3. Click Generate token.

  4. Copy the generated string to a safe place, such as a password safe.

  5. Open Terminal and add the github token. Note: The file may be empty.

     #  nano ~/.composer/auth.json
         "github-oauth": {
             "": "abc123def456ghi7890jkl987mno654pqr321stu"
  6. Test if the authentication is working by doing a clone.

     cd ~/Sites/
     git clone
     (You should not be prompted for credentials)
Copy link

MikeiLL commented Apr 10, 2018

Thanks for this, man.

Copy link

alcohol commented Jun 4, 2018

Nice, feel free to submit a PR to our documentation through

I would suggest putting it right after the entry that already talks about the oauth token "API rate limit and OAuth tokens" :-)

Copy link

marcelofabianov commented Sep 26, 2018


Copy link

Potherca commented Jun 5, 2021

Rather than editing the config file, I prefer using:

composer config -g abc123def456ghi7890jkl987mno654pqr321stu

It might also be worth noting that, for GitHub Actions or other build environments, one can set an environment variable:

        COMPOSER_AUTH: '{"github-oauth": {"": "abc123def456ghi7890jkl987mno654pqr321stu"}}'

Copy link

adampatterson commented Jan 12, 2022

Curious why you are testing by doing a Git Pull?

For example, my Git checkouts work fine, but my composer update via Public and Private reposity stopped working ( I think my token expired ).

I ran composer config --global --auth ghp_xxxxxxxx which saved to my auth.json file but I am still getting errors.

    "github-oauth": {
        "": "ghp_xxxxxxxx"

Is there a cache or something that I should clear?

git@ uses the oAuth while https:// uses basic auth with a username and token for the password.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment