Test order of auth

[jonthegeek]

If I supply bearer token and refresh, does it use the bearer token without trying refresh? Does order I add the req methods matter? Turn off internet to more easily trace.

[jonthegeek]

Last oauth function applied overwrites previous one(s). The main thing that I'm still not sure of is what happens if a given refresh token is bad. Does it just fail? It might try to reauth, but it doesn't have a PKCE flag, so it would presumably always use the default. I'm thinking I might want to do something along these lines:

• "Hide" the oauth params in something like $policies$auth_sign_bak (so httr2 won't try to use them prematurely).
• Try the query with req_auth_bearer_token() (when I have a token). Doing both of these MIGHT not be necessary but I don't know every possible situation. I think I'll have to tryCatch this myself; httr2 would overwrite any "real" req_retry(), for example. I also might want to req_error() (saving any existing req_error() settings) to let it "succeed" (without throwing an error) so I can check the response and then decide what to do next.
• If that query fails, move oauth params to their proper home and re-try (possibly doing so for refresh before doing so for the rest of oauth, depending whether I can make them play together).

That should allow me to use the httr2 wiring, but try all the options.

If it works, consider pushing it back to httr2, but I think it's more hand-wavy-hand-holding than he's aiming for.