When using OAuth (the host page provides an embedded grant token) don't
call auth.clearCache() on session update. The authorized user never
changes when using OAuth with a grant token embedded in the page, and
the oauth-auth service's clearCache() is a no-op anyway, so there is no
point in calling clearCache() here.