The bearer access token attached to outgoing requests.
OptionalexpiresAbsolute expiry as epoch milliseconds (from expires_in).
OptionalidOpenID Connect ID token, when present (never sent to resource servers).
OptionalrefreshRefresh token, when the authorization server issued one.
OptionalscopeGranted scope string, if the token response narrowed it.
OptionaltokenToken type from the token response; defaults to Bearer.
A persisted OAuth2 credential. Access/refresh tokens plus expiry are stored in a CredentialStore; the SDK only ever attaches
accessTokenas a bearer credential and usesrefreshToken/expiresAtto drive silent refresh.