Update authentication methods in documentation

doc/03-cli.md

@@ -900,9 +900,10 @@ If set to 1, this env allows running Composer when the Xdebug extension is enabl
 ### COMPOSER_AUTH
 
 The `COMPOSER_AUTH` var allows you to set up authentication as an environment variable.
-The contents of the variable should be a JSON formatted object containing http-basic,
-github-oauth, bitbucket-oauth, ... objects as needed, and following the
-[spec from the config](06-config.md#gitlab-oauth).
+The contents of the variable should be a JSON formatted object containing [http-basic,
+github-oauth, bitbucket-oauth, ... objects as needed](articles/authentication-for-private-packages.md),
+and following the
+[spec from the config](06-config.md).
 
 ### COMPOSER_BIN_DIR
 

doc/06-config.md

@@ -71,9 +71,9 @@ URL.
 A list of domain names and oauth keys. For example using `{"github.com":
 "oauthtoken"}` as the value of this option will use `oauthtoken` to access
 private repositories on github and to circumvent the low IP-based rate limiting
-of their API. [Read
-more](articles/troubleshooting.md#api-rate-limit-and-oauth-tokens) on how to get
-an OAuth token for GitHub.
+of their API. Composer may prompt for credentials when needed, but these can also be
+manually set. Read more on how to get an OAuth token for GitHub and cli syntax
+[here](articles/authentication-for-private-packages.md#github-oauth).
 
 ## gitlab-oauth
 

doc/articles/authentication-for-private-packages.md

@@ -22,6 +22,8 @@ for credentials and save them (or a token if Composer is able to retrieve one).
 |[Custom header](#custom-token-authentication)|no|
 |[gitlab-oauth](#gitlab-oauth)|yes|
 |[gitlab-token](#gitlab-token)|yes|
+|[github-oauth](#github-oauth)|yes|
+|[bitbucket-oauth](#bitbucket-oauth)|yes|
 
 Sometimes automatic authentication is not possible, or you may want to predefine
 authentication credentials.
@@ -93,6 +95,16 @@ You can open this file in your favorite editor and fix the error.
 It is also possible to add credentials to a `composer.json` on a per-project basis in the `config`
 section or directly in the repository definition.
 
+## Authentication using the COMPOSER_AUTH environment variable
+
+> **Note:** Using this method also has security implications.
+> Credentials passed using command line environment variables will most likely be stored in memory,
+> and on be persisted to a file like ```~/.bash_history```(linux) or ```ConsoleHost_history.txt```
+> (Powershell on Windows) when closing a session.
+
+The final option to supply Composer with credentials is to use the ```COMPOSER_AUTH``` environment variable.
+Read more about the usage of this environment variable [here](../03-cli.md#COMPOSER_AUTH).
+
 # Authentication methods
 
 ## http-basic
@@ -224,3 +236,55 @@ composer config [--global] --editor --auth
     }
 }
 ```
+
+## github-oauth
+
+To create a new access token, head to your [token settings section on Github](https://github.com/settings/tokens) and [generate a new token](https://github.com/settings/tokens/new). For public repositories when rate limited, the ```public_repo``` scope is required, for private repositories the ```repo:status``` scope is needed.
+Read more about it [here](https://github.com/blog/1509-personal-api-tokens).
+
+### Command line github-oauth
+
+```sh
+composer config [--global] github-oauth.github.com token
+```
+
+### Manual github-oauth
+
+```sh
+composer config [--global] --editor --auth
+```
+
+```json
+{
+    "github-oauth": {
+        "github.com": "token"
+    }
+}
+```
+
+## bitbucket-oauth
+
+Read more about how to set up oauth on bitbucket [here](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/).
+
+### Command line bitbucket-oauth
+
+```sh
+composer config [--global] bitbucket-oauth.bitbucket.org cosumer-key consumer-secret
+```
+
+### Manual bitbucket-oauth
+
+```sh
+composer config [--global] --editor --auth
+```
+
+```json
+{
+    "bitbucket-oauth": {
+        "bitbucket.org": {
+             "consumer-key": "key",
+             "consumer-secret": "secret"
+        }
+    }
+}
+```

doc/articles/troubleshooting.md

@@ -177,12 +177,7 @@ Because of GitHub's rate limits on their API it can happen that Composer prompts
 for authentication asking your username and password so it can go ahead with its work.
 
 If you would prefer not to provide your GitHub credentials to Composer you can
-manually create a token using the following procedure:
-
-1. [Create](https://github.com/settings/tokens) an OAuth token on GitHub.
-[Read more](https://github.com/blog/1509-personal-api-tokens) on this.
-
-2. Add it to the configuration running `composer config -g github-oauth.github.com <oauthtoken>`
+manually create a token using the [procedure documented here](authentication-for-private-packages.md#github-oauth).
 
 Now Composer should install/update without asking for authentication.