How to configure a private Bitbucket repository so I could include a private package in composer.json?

Question

I have a private Git repository in Bitbucket.org. It consists of a Laravel project that is ready to be used as a composer package. I don't want to publish it, I just want to be able to use it my other Laravel project by including it in composer.json. I googled a lot for tutorials and questions/answers on stackoverflow but I still am not able to do that. Here is a part of my composer.json file that should be relevant:

"require": {
    "php": ">=5.6.4",
    "myprovider/mypackage": "*",
    "laravel/framework": "5.4.*",
    "laravel/tinker": "~1.0"
},
"repositories": {
    "myrepository": {
        "type": "vcs",
        "url": "https://bitbucket.org/me/myrepository/"
    }
},

I tried composer require myprovider/mypackage:*, but then I get an error Could not fetch https://api.bitbucket.org/2.0/repositories/me/myrepository?fields=-project%2C-owner, please create a bitbucket OAuth token to access private repos. Since I actually created OAuth token before, I pasted the required Consumer Key and Consumer Secret but then I get this:

Invalid OAuth consumer provided.
This can have two reasons:
1. You are authenticating with a bitbucket username/password combination
2. You are using an OAuth consumer, but didn't configure a (dummy) callback url

Installation failed, reverting ./composer.json to its original content.

  [Composer\Downloader\TransportException]
  The "?pagelen=100&fields=values.name%2Cvalues.target.hash%2Cnext&sort=-target.date" 
file could not be downloaded: failed to open stream: Resource temporarily unavailable

I am new to Bitbucket, how should I know if I configured everything properly?

A step by step configuration would be awesome, none of the ones I found online fit for my situation.

Answer 1

The following answer is my personal notes after following the instructions of this blog post and seeing it work.

Many thanks to gizmola for the blog post and to gview for the comment pointing to it.

Let's say that for you project my-name/my-project you want to get the private package myprovider/my-private-package hosted on bitbucket.

• login into bitbucket
• bitbucket settings > access management > oauth

• add oauth consumer

  • name: composer
  • callback: (required but not used) http://example.com
  • tick: this is a private consumer
  • tick: permissions > repositories > read
  • save

• get key and secret from composer oauth consumer / user for private repos

• open / create ~/.composer/auth.json and make sure it has where you replace the xxxxx and yyyyy

  {
      "bitbucket-oauth": {
          "bitbucket.org": {
              "consumer-key": "xxxxx",
              "consumer-secret": "yyyyyy"
          }
      }
  }
  

• add your package into your composer.json

  {
     "name" : "my-name/my-project",
     "description" : "my project",
     "repositories": [
         {
           "type": "git",
           "url":  "https://bitbucket.org/myprovider/my-private-package.git"
         }
     ],
     "require": {
         "myprovider/my-private-package": "*"
      }
  }
  

Remember that if the composer.json of the private package has not minimum-stability set (eg. to dev) it will not work.

Example of composer.json for myprovider/my-private-package

{
    "name": "myprovider/my-private-package",
    "description": "my private package",
    "keywords": ["private package", "private", "package"],
    "type": "package",
    "version": "1.0.0",
    "minimum-stability": "dev",
    "license": "MIT",
    "authors": [
        {
          "name": "John Doe",
          "email": "john.doe@example.com"
        }
    ],
    "autoload": {"psr-0": {"": "src"}},
    "require-dev": {
        "behat/behat": "^3.4"
    }
}