The Composer uses auth.json files to authenticate to private repositories.
The official Magento 2 repository (repo.magento.com) is private.
So, you definitely need to set up an auth.json file.
You can place the auth.json file in the Magento 2 root directory, but I recommend placing it in the COMPOSER_HOME directory for security reasons.
An auth.json file might look like this:
{
"github-oauth": {
"github.com": "<your GitHub key>"
}
,"http-basic": {
"repo.magento.com": {
"username": "<your public Magento Connect key>",
"password": "<your private Magento Connect key>"
}
}
}
The file above consists of the 2 sections:
| Key | Description |
|---|---|
| `github-oauth` | You only need this section if you have installed Magento 2 from the [GitHub repository](https://github.com/magento/magento2). [How to get the key](http://devdocs.magento.com/guides/v2.0/install-gde/trouble/git/tshoot_rate-limit.html). |
| `http-basic` → `repo.magento.com` | [How to set up credentials for the repo.magento.com](https://mage2.pro/t/topic/740). Use «**Public Key**» as `username` and «**Private Key**» as `password`. |
If you do not need the github-oauth section, then an auth.json can look like this:
{
"http-basic": {
"repo.magento.com": {
"username": "<your public Magento Connect key>",
"password": "<your private Magento Connect key>"
}
}
}