Lichess OAuth 2.0 support for the PHP League's OAuth 2.0 Client

0.1.1 2022-04-10 18:51 UTC

This package is auto-updated.

Last update: 2024-07-11 00:09:25 UTC


Codacy Badge Scrutinizer Code Quality Code Coverage Build Status Software License

This package provides Lichess OAuth 2.0 support for the PHP League's OAuth 2.0 Client.


To install, use composer:

$ composer require joseayram/oauth2-lichess


Usage is just the same as The League's OAuth client, using \CrudSys\OAuth2\Client\Provider\Lichess as the provider.

Authorization Code Flow

require_once 'oauth2-lichess/vendor/autoload.php';


use CrudSys\OAuth2\Client\Provider\Lichess;

$clientId = 'api-lichess-test';
$clientSecret = '{your-secret-client}';
$redirectUri = '{your-redirect-uri}';

if (!isset($_SESSION['codeVerifier'])) {
    $verifier = createVerifier();
    $_SESSION['codeVerifier'] = $verifier;
} else {
    $verifier = $_SESSION['codeVerifier'];

$provider = new Lichess([
    'clientId'      => $clientId,
    'clientSecret'  => $clientSecret,
    'redirectUri'   => $redirectUri,

if (!isset($_GET['code']) && !isset($_GET['error'])) {
    $challenge = createChallenge($verifier);

    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl([
        'code_challenge' => $challenge,

    $_SESSION['oauth2state'] = $provider->getState();

    echo "<a href='{$authUrl}'>Login with Lichess</a>";
} elseif ((isset($_GET['error']) && !empty($_GET['error']) ) &&
        (isset($_GET['error_description']) && !empty($_GET['error_description']) )
) {
    exit($_GET['error'].': '.$_GET['error_description']);
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
    exit('Invalid state, make sure HTTP sessions are enabled.');
} else {
    // Try to get an access token (using the authorization code grant)
    try {
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code'],
            'code_verifier' => $_SESSION['codeVerifier'],
    } catch (\Exception $e) {
        exit('Failed to get access token: '.$e->getMessage());

    // Optional: Now you have a token you can look up a users profile data
    try {
        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);
        // Use these details to create a new profile
        printf('Hello %s!\n<br>', $user->getUsername());
        echo "<pre>" . print_r($user, true) . "</pre>";
    } catch (\Exception $e) {
        exit('Failed to get resource owner: '.$e->getMessage());

    // Use this to interact with an API on the users behalf
    echo $token->getToken();

Managing Scopes

You can add extra scopes by passing them to the getAuthorizationUrl() method

$options = [
    'scope' => [Lichess::SCOPE_EMAIL, Lichess::SCOPE_PREFERENCE_READ]

$authorizationUrl = $provider->getAuthorizationUrl($options);

If no scopes are passed, only public is used

At the time of authoring this documentation, the following scopes are available.

  • PREFERENCE_READ Read your preferences.
  • PREFERENCE_WRITE Write your preferences.
  • EMAIL Read your email address.
  • CHALLENGE_READ Read incoming challenges.
  • CHALLENGE_WRITE Create, accept, decline challenges.
  • CHALLENGE_BULK Create, delete, query bulk pairings.


$ ./vendor/bin/phpunit


Please see our changelog file for details.


Special thanks to all creators of the others oauth2 client's third-party packages I learnt a lot of them.


Please see our contributing guidelines for details.


The MIT License (MIT). Please see License File for more information.