Perform the full interactive OAuth login for client and attach the
resulting bearer token, refreshing automatically thereafter.
Steps:
1. Discover protected-resource + authorization-server metadata.
2. If a cached, non-expired token exists in the store, use it (refreshing
via the refresh grant when expired). Otherwise:
3. Select a registration approach (pre-registered / CIMD / DCR).
4. Run the authorization-code + PKCE flow: open the browser at the
authorization URL and capture the redirect code on a localhost loopback
listener; verify state.
5. Exchange the code for tokens, persist them, and set the bearer on the
client.
Returns the live OAuthSession so callers can refresh on later requests via
session.bearerForRequest(now).
Perform the full interactive OAuth login for client and attach the resulting bearer token, refreshing automatically thereafter.
Steps: 1. Discover protected-resource + authorization-server metadata. 2. If a cached, non-expired token exists in the store, use it (refreshing via the refresh grant when expired). Otherwise: 3. Select a registration approach (pre-registered / CIMD / DCR). 4. Run the authorization-code + PKCE flow: open the browser at the authorization URL and capture the redirect code on a localhost loopback listener; verify state. 5. Exchange the code for tokens, persist them, and set the bearer on the client.
Returns the live OAuthSession so callers can refresh on later requests via session.bearerForRequest(now).