Install ACF with Composer using auth.json for authentication

Created on
Apr 29th 2023 29/04/23

No updates
…

Approx ~3 minutes reading time for 670 words.

Introduction

Since ACF 6.0.7 it’s been possible to allow installing the PRO version via Composer without using one of the plethora of ‘hacks’ out there to get around authentication. It’s been on my to-do list for quite a while now but I finally got round to updating all my personal sites.

My old method

composer.json

"repositories": [
  {
    "type": "package",
    "package": {
      "name": "advanced-custom-fields/advanced-custom-fields-pro",
      "version": "[VERSION]",
      "type": "wordpress-plugin",
      "dist": {
        "type": "zip",
        "url": "https://connect.advancedcustomfields.com/index.php?t=[VERSION]&p=pro&a=download&k=[License-Key]"
      }
    }
  }
],
"require": {
  "advanced-custom-fields/advanced-custom-fields-pro": "*"
}

This worked albeit a bit of a pain as you had to remember to manually change the version number in two places. It also meant having the key viewable as part of the distro which wasn’t great.

There were a handful of other solutions available but I stuck with this until a ‘proper’ fix presented itself.

The new method, using auth.json

composer.json

"repositories": [
  {
    "type": "composer",
    "url": "https://connect.advancedcustomfields.com"
  }
],
"require": {
  "wpengine/advanced-custom-fields-pro": "*"
}

auth.json

{
  "http-basic": {
    "connect.advancedcustomfields.com": {
      "username": "[License-Key]",
      "password": "https://barrd.dev"
    }
  }
}

For further details read the ACF official documentation which covers everything in detail and has some extra tips and tricks.

Git ignore and manually add auth.json to production

As an extra precautionary measure I added auth.json to my .gitignore file, then SSH‘d into the production server and added the auth file manually on the CLI using nano.

Composer update

Last thing I did was fire the composer update --no-dev command. As I’m using Query Monitor and other dev tools on local / staging I use the --no-dev flag to ensure no unneeded plugins etc are used on production.

Job done, no errors and no conflicts with the composer.lock file.

Final thoughts

A simple enough job to do and once completed for all your sites will make future updates and composer use far simpler (and more secure if adding auth.json to .gitignore.)

Big thanks to the team at Delicious Brains & WP Engine for getting this all sorted out.

// End of Article

Article Information

Category: QuickNote
Topics: #Tech-Stack, #WordPress

Installing ACF PRO with Composer (advancedcustomfields.com)
Query Monitor Plugin (wordpress.org)
Composer Docs (getcomposer.org)
Delicious Brains Website (deliciousbrains.com)
WP Engine Website (wpengine.co.uk)

About Dave A.K.A. 'barrd'

Dave is a Bristol based Scottish Expat who has 20+ years experience of web development. Loves playing guitar, reading books, watching Sci-Fi and tinkering with tech.