This makes sure the app can retry authorization, e.g. when username and
password are not supplied upfront and there are no cached credentials.