If the user provided `username` and `password` in the plugin configuration, then we should use those credentials to refresh the OAuth token when expired.