`credentials_byo_oauth2()` should not have hard check for `endpoint`

[jennybc]

The hard check for a google oauth endpoint means credentials_byo_oauth2() basically only works for user tokens, but that's clearly not the intent.

[jennybc]

The forced refresh is also somewhat 🤔