Updated LiChess to use required PKCE authentication (#619)

* Updated LiChess to use required pkce authentication

* Removed ExchangeCodeAsync

Author: tanczosm

src/AspNet.Security.OAuth.Lichess/LichessAuthenticationDefaults.cs

@@ -42,7 +42,7 @@ public static class LichessAuthenticationDefaults
         /// <summary>
         /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>.
         /// </summary>
-        public const string TokenEndpoint = "https://oauth.lichess.org/oauth";
+        public const string TokenEndpoint = "https://lichess.org/api/token";
 
         /// <summary>
         /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.

src/AspNet.Security.OAuth.Lichess/LichessAuthenticationOptions.cs

@@ -17,6 +17,9 @@ public class LichessAuthenticationOptions : OAuthOptions
     {
         public LichessAuthenticationOptions()
         {
+            // Pkce is now mandatory for LiChess
+            UsePkce = true;
+
             ClaimsIssuer = LichessAuthenticationDefaults.Issuer;
             CallbackPath = LichessAuthenticationDefaults.CallbackPath;
 

test/AspNet.Security.OAuth.Providers.Tests/Lichess/bundle.json

@@ -4,13 +4,17 @@
     {
       "comment": "https://lichess.org/api#section/Authentication",
       "uri": "https://oauth.lichess.org/oauth",
+      "method": "GET"
+    },
+    {
+      "comment": "https://lichess.org/api#tag/OAuth",
+      "uri": "https://lichess.org/api/token",
       "method": "POST",
       "contentFormat": "json",
       "contentJson": {
+        "token_type": "Bearer",
         "access_token": "secret-access-token",
-        "token_type": "bearer",
-        "refresh_token": "secret-refresh-token",
-        "expires_in": "600"
+        "expires_in": 31536000
       }
     },
     {