CredentialsConfig holds the OAuth endpoints, redirect URIs, vault API base URLs, and field-name keys used by every credential service. CredentialsConfig.Load() reads ./credentialsConfig.json (or returns defaults) and Save() writes it back - customize once for self-hosted or non-default endpoints.
GPAL.Credentials and GPAL.CredentialsFor(serviceType) both start a credentials request; WithService selects the provider, and WithUsername/WithPassword set the account used to authenticate.
CredentialServiceType.None supplies a username and password directly in code, with no password manager involved. SaveTo writes them straight into a grid for FillInFrom.
WithCredentials(ICredentials) copies authentication fields - username, password, service key, OAuth tokens - from a previously-built credentials object, so a password manager's master login can be built once and reused across many lookups.
For Google, Azure, and AWS, FetchAccessToken exchanges a Google service account key or an OAuth client ID/secret (with WithScope) for an access token - opening a browser for one-time consent if no service account key or refresh token is supplied.
WithService(LastPass / OnePassword / Dashlane / Bitwarden / Keeper) retrieves a saved login from that password manager. GetCredentialsFor sets the search target, WithDomain filters by URL, and SaveTo appends matching [Username, Password] rows to a grid.
Pass the access token returned by FetchAccessToken to RESTClient as a Bearer token to call the provider's API directly.