Auth via Manual Inline Basic Http is Misleading

[ralphschindler]

On: https://getcomposer.org/doc/articles/authentication-for-private-packages.md#manual-inline-http-basic

The suggestion to use username:password does not work when composer install is initially run via a non-interactive console.

Moving the credentials to the composer.json's config.http-basic.<domain>.{username,password} keys fixes the issue, but is non-obvious and should be called out as the preferred solution for those who wish to have credentials in their composer.json. If you have direction for the suggested fix in documentation, I can attempt to create a PR.

[Seldaek]

I'm not sure, I feel like it's a bug if this doesn't work, but I'd have to try and check why it's not working..

[Seldaek]

So I cannot repro this..

{
    "repositories": [
        {
            "type": "composer",
            "url": "https://MY_USER:[email protected]/test-repo/"
        }
    ], 
    "require": {
        "foo/bar": "*"
    }
}

Running composer update -vvv --no-interaction I get this:

[...]
Using HTTP basic authentication with username "MY_USER"
Downloading https://MY_USER:***@repo.packagist.com/test-repo/packages.json
[200] https://MY_USER:***@repo.packagist.com/test-repo/packages.json

So it seems to work fine despite not being too advisable.