Avoid prompting for GitHub OAuth token when dist install authentication fails

[jlevers]

I have basic auth implemented on top of my Satis server, since I'm using it to serve packages that I sell access to. However, when my auth returns a 401 Unauthorized error, instead of the package install failing right then, Composer tries to download the source from GitHub, and since the source repository is private, prompts the user for a GitHub OAuth token.

Is there some way to prevent this? It's a bit confusing for the end user.

Thanks for all your work on Satis and Composer!

[SvenRtbg]

Adding username and password to the additional "packagist" URL that is included in every composer.json should do the trick, but may violate the intention why you have basic auth in place.

It works for me for years for an SVN hosted repo (don't ask why SVN is involved...) which requires basic auth, and is using a single public username and known password for everybody.

[jlevers]

Thanks @SvenRtbg -- yeah, unfortunately I kinda need the auth to work on a per-user basis, because some people will have access to packages that other won't :)