OAuth client in CloudFlare environments

[JoviDeCroock]

Describe the bug

There's a few issues with implementing the OAuth client in environments like CloudFlare and other WinterCG environments.

I have been able to circumvent these myself with a few tricks

• Fetch.cache is not available, in @atproto/oauth-client we are using cache: 'no-cache' which isn't supported in CloudFlare, we could circumvent this by using cache-control: no-cache instead.
• Fetch.redirect: error is not available, in @atproto/did-resolver we are using redirect: 'error' which does not work, we need to use manual or follow.
• When we use a tool like KV we have to restore the state.dpopKey to a JoseKey (more a docs issue I guess) which can be done like kvResult.dpopKey = new JoseKey(kvResult.dpopKey.jwks);
• The handle-resolvers currently available all require DNS which isn't supported, instead I've made

    handleResolver: {
      resolve: async (handle) => {
        const result = await fetch(
          "https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=" +
            handle,
          {
            cf: {
              cacheEverything: true,
            },
          },
        ).then((x) => x.json<{ did: ResolvedHandle }>());
        return result.did as ResolvedHandle;
      },
    },

  this could also be done with the DNS resolution of CloudFlare itself I reckon.

Expected behaviour

I mainly wanted to describe the issues and discuss them before jumping on pull requests. I'm not sure how to replace redirect: error however the other three look feasible.