This function should be called if the consumer of this auth provider changes the client keypair, or wishes to set the keypair after creating the object.
Calling this function will (optionally) trigger a forcible token refresh using the cached refresh token, and update the auth server config with the current key.
OptionalsigningKey: CryptoKeyPairthe client signing key pair. Will be bound to the OIDC token and require a DPoP header, when set.
Augment the provided http request with custom auth info to be used by backend services.
Required. An http request pre-populated with the data public key.
A utility type for getting and updating a bearer token to associate with HTTP requests to the backend services, notably rewrap and upsert endpoints.
In the TDF protocol, this bearer token will be a wrapper around a signed ephemeral key, to be included in the claims object.