Right now if you create an authorization module and then call isAuthorized (or hasCredentials) the module doesn't refresh its state with the underlying service. IE A module MAY have tokens but it won't know about it until requestAccess is called.