Shift with red gradient lettering

Authorizing the Shift Build

Some Shifts perform analysis in order to provide more intelligent and precise changes. This requires building your projects by installing your dependencies and running scripts like artisan.

Currently, the following Shifts attempt to build your project:

If you are attempting to run one of these Shifts against a project with private dependencies, you may need to configure Shift.

Note: Shift has access to all first-party Laravel packages such as Spark and Nova. As such, you are not required to configure authorization for these packages.

Fortunately, there are two quick ways you may authorize Shift.

  1. Through Composer using auth.json
  2. Granting additional access to Laravel Shift
composer makes this easy by adding an auth.json file to your project.

Configuring Composer

Creating an auth.json file not only allows Shift to build your project, but other services like Forge and Chipper CI as well as other developers working with your code.

To configure an auth.json file, first add one to your project at the same level of your composer.json file. This file contains credentials for authorizing composer to download dependencies from private sources. While these credentials may be a user account, it's better to generate a token.

Although you may revoke a token at any time, they should be treated as passwords. The process for generating a token will vary. To generating a token for common sources, review the documentation from GitHub, Bitbucket, or GitLab.

Once you have obtained this token, use it as the credentials for that source within your auth.json file. The following auth.json file serves as an example for setting a token for each of the common Git services:

    "github-oauth": {
        "": "github-token-1234567890"
    "gitlab-oauth": {
        "": "gitlab-token-1234567890"
    "bitbucket-oauth": {
        "": {
            "consumer-key": "bitbucket-consumer-key-1234567890",
            "consumer-secret": "bitbucket-consumer-secret-1234567890"

Note: If you commit your composer.lock file and changed the repositories.url values, you should run composer update to regenerate the download URLs within your composer.lock.

Granting Additional Access

If you own the private dependency, you may grant Shift additional access. To do so, invite the Laravel Shift user to the repository with read only access. On all Git services, the username is laravel-shift with an email address of

Since accepting this invitation is a manual process, you should also email support as a heads up of this request.

Sign in with any of the following services to connect Shift with your Laravel project.

Don't use one of these services?

Temporarily push your project to a free, private repository on one of these cloud-based services or upgrade your project locally with Shift for Docker.