OptionaltokenCache: TokenCachePromise that will resolve with an access token if available or undefined otherwise. This will try to fetch a new access token if:
This method fetches an access token using the OAuth 2.0 Client Credentials grant and returns it
Discards the currently stored access token, both in memory and from the token cache, so that the next read of accessToken fetches a fresh one. Used to recover from a token that the server rejected (HTTP 401) even though it had not yet expired client-side. Any authentication that is already in flight is left untouched - joining it still yields a fresh token.
ProtectedtrackRegisters authentication as the in-flight authentication so that other callers of
accessToken wait for it instead of starting their own. The in-flight marker is
cleared as soon as the promise settles - whether it resolves or rejects - so a failure
never deadlocks subsequent authentication attempts. Rejections are propagated to callers.
Used both for authentications started by the accessToken getter and for flows that obtain a token out-of-band (e.g. the PKCE callback trading a code for a token).
An Authenticator class for the OAuth 2.0 Client Credentials grant.