Resolve credentials for an outgoing request. Returns the current access
token, silently refreshing it first when it is expiring (or when
context.forceRefresh is set, e.g. after a 401). Throws
HonuaAuthError interaction_required when there is no token and no
refresh token — the app must call OAuth2Provider.signIn.
Read the raw stored credential, if any.
Complete the redirect leg: validate state, exchange the authorization
code (+ PKCE verifier) for tokens, persist them, and emit signed-in.
Optionalurl: stringWhether url (or the current window location) looks like an OAuth2 redirect
callback (carries code+state or an error). Call this on app load to
decide whether to invoke OAuth2Provider.handleRedirectCallback.
Optionalurl: stringRegister an auth lifecycle listener.
HonuaAuthProvider.revokeCredentials — clears + optionally revokes.
Start interactive sign-in. In redirect mode this navigates the current
window to the authorization endpoint and returns a promise that never
resolves (the page unloads); complete the flow by calling
OAuth2Provider.handleRedirectCallback when the app reloads at the
redirect URI. In popup mode it opens a popup, waits for the redirect back,
exchanges the code, and resolves with the stored credential.
OAuth2 authorization-code + PKCE provider. Construct via oauth2.