Skip to: Content or Footer

Install ACF with Composer using auth.json for authentication

Created on
No updates
Approx ~3 minutes reading time for 670 words.

Introduction

Since ACF 6.0.7 it’s been possible to allow installing the PRO version via Composer without using one of the plethora of ‘hacks’ out there to get around authentication. It’s been on my to-do list for quite a while now but I finally got round to updating all my personal sites.

My old method

composer.json

"repositories": [
  {
    "type": "package",
    "package": {
      "name": "advanced-custom-fields/advanced-custom-fields-pro",
      "version": "[VERSION]",
      "type": "wordpress-plugin",
      "dist": {
        "type": "zip",
        "url": "https://connect.advancedcustomfields.com/index.php?t=[VERSION]&p=pro&a=download&k=[License-Key]"
      }
    }
  }
],
"require": {
  "advanced-custom-fields/advanced-custom-fields-pro": "*"
}

This worked albeit a bit of a pain as you had to remember to manually change the version number in two places. It also meant having the key viewable as part of the distro which wasn’t great.

There were a handful of other solutions available but I stuck with this until a ‘proper’ fix presented itself.

The new method, using auth.json

composer.json

"repositories": [
  {
    "type": "composer",
    "url": "https://connect.advancedcustomfields.com"
  }
],
"require": {
  "wpengine/advanced-custom-fields-pro": "*"
}

auth.json

{
  "http-basic": {
    "connect.advancedcustomfields.com": {
      "username": "[License-Key]",
      "password": "https://barrd.dev"
    }
  }
}
For further details read the ACF official documentation which covers everything in detail and has some extra tips and tricks.

Git ignore and manually add auth.json to production

As an extra precautionary measure I added auth.json to my .gitignore file, then SSH‘d into the production server and added the auth file manually on the CLI using nano.

Composer update

Last thing I did was fire the composer update --no-dev command. As I’m using Query Monitor and other dev tools on local / staging I use the --no-dev flag to ensure no unneeded plugins etc are used on production.

Composer output
Composer output

Job done, no errors and no conflicts with the composer.lock file.

Final thoughts

A simple enough job to do and once completed for all your sites will make future updates and composer use far simpler (and more secure if adding auth.json to .gitignore.)

Big thanks to the team at Delicious Brains & WP Engine for getting this all sorted out.

// End of Article

Article Information

Category: QuickNote
Topics: #Tech-Stack, #WordPress

Dave Barr

Bristol based Scottish Expat who has 20+ years experience of Web Development and is continually on the look out to improve his skill sets. Learning new and innovative solutions for current requirements in the world of IT, WebDev and eCommerce.

About Dave Barr

Image for Dave Barr
Bristol based Scottish Expat who has 20+ years experience of Web Development and is continually on the look out to improve his skill sets. Learning new and innovative solutions for current requirements in the world of IT, WebDev and eCommerce.

Read more about Dave

Click to Copy