Github token issue and Composer key procedures

This article provides solutions for the issue of failed deployments related to Github token failures caused by outdated Composer keys.

Affected products and versions

Adobe Commerce on-premises merchants should check with their host provider to ensure they are using Composer version 1.10.21 or higher due to the token format changes introduced by Git.


Deployments fail and deployment logs contain information similar to the following:

Fatal error: Uncaught UnexpectedValueException: Your github oauth token for contains invalid characters: “ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx” in /app/vendor/composer/composer/src/Composer/IO/BaseIO.php:129


Outdated Composer keys cause the Github token failures which result in failed deployments.


To resolve the issue, please update your Composer version to 1.10.22:

  1. On your local environment, run composer require “composer/composer”:”>1.10.21.
  2. This adds the requirement for that Composer package version. Check the lock file - composer/composer version must be 1.0.22 or higher.
  3. Commit composer.json and composer.lock and push a deployment.

If this method does not work, please submit a support ticket.