Make SDK offline first

[louischan-oursky]

• configure can be called more than once.
• configure does NOT do network IO.
• configure does local file IO.
• Refresh access token lazily.
• Review cookie and refresh token usage UX.

[carmenlau]

API changes in the SDK

• authgear.configure should not refresh access token, it will load SessionState will be updated based on refresh token store only. That means if there is refresh token, SessionState will be AUTHENTICATED. Validity of refresh token will not be verified during configure.
• access token will be automatically refreshed when calling api that require auth, e.g. fetchUserInfo, enableBiometric...etc.
• Add api to assist developer to call their app server with auth
  • iOS / Android / JS
    • authgear.refreshTokenIfNeeded() developer should call it before every api call
    • authgear.accessToken get the access token from authgear SDK and inject into their application request
    • authgear.clearSessionState() allow developer to clear SDK logged in state, when they find user session is invalid
  • JS (only)
    • authgear.fetch(...) access token will be automatically refresh
      • the fetch function will refresh access token if it is needed (SDK has refresh token but no valid access token). If refresh access token failed, the fetch function will be rejected and the developer app server will not be called.
    • breaking change, remove authgear.apiClient from public api. Before the update, developer called fetch function with authgear.apiClient.fetch, they should call it from authgear.fetch after update.