Composer uses auth.json files to authenticate itself in the private repositories.
The official Magento 2 repository (repo.magento.com) is private.
The official Mage2.PRO repository (it stores the Mage2.PRO Magento 2 extensions) is private too.
So you definitely need to setup an auth.json file.
You can place the auth.json file to the Magento 2 root directory, but I recommend place it to the COMPOSER_HOME directory for security reasons.
An auth.json file can look like this:
{
"github-oauth": {
"github.com": "<your GitHub key>"
}
,"http-basic": {
"repo.magento.com": {
"username": "<your public Magento Connect key>",
"password": "<your private Magento Connect key>"
}
,"code.dmitry-fedyuk.com": {
"username": "<your username in the Mage2.PRO repository>",
"password": "<your password for the Mage2.PRO repository>"
}
}
}
The file above consist of the 3 sections:
| Key | Description |
|---|---|
| `github-oauth` | You need the section only if you have installed Magento 2 from the [GitHub repository](https://github.com/magento/magento2). [How to get the key](http://devdocs.magento.com/guides/v2.0/install-gde/trouble/git/tshoot_rate-limit.html). |
| `http-basic` → `repo.magento.com` | [How to setup credentials for the repo.magento.com](https://mage2.pro/t/topic/740). Use «**Public Key**» as `username` and «**Private Key**» as `password`. |
| `http-basic` → `code.dmitry-fedyuk.com` | [How to know your username](https://mage2.pro/t/topic/257). [How to set your password](https://mage2.pro/t/topic/253). |
If you do not need the github-oauth section, then an auth.json can look like this:
{
"http-basic": {
"repo.magento.com": {
"username": "<your public Magento Connect key>",
"password": "<your private Magento Connect key>"
}
,"code.dmitry-fedyuk.com": {
"username": "<your username in the Mage2.PRO repository>",
"password": "<your password for the Mage2.PRO repository>"
}
}
}