Change beginAuth sessions default to online

[Paulinakhew]

WHY are these changes introduced?

Change the default for OAuth.beginAuth to online sessions to match the default for loadCurrentSession.

WHAT is this pull request doing?

• change default for beginAuth's isOnline parameter to true for online access tokens

Type of change

• Patch: Bug (non-breaking change which fixes an issue)
• Minor: New feature (non-breaking change which adds functionality)
• Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

• I have added a changelog entry, prefixed by the type of change noted above
• I have added/updated tests for this change
• I have documented new APIs/updated the documentation for modified APIs (for public APIs)

[paulomarg]

LGTM, with one nit: we should update the docs page for this method too, to make sure the param is documented, and so is its default value.

[paulomarg]

Awesome! Let's not merge this yet until we've had a chance to make all of the breaking changes so we can release it all at once.

[caution-tape-bot]

Shopify's style guide prefers avoiding terms like "white-list" and "black-list".

Drop in replacements include "allow-list" and "deny-list", or "clearlist" and "blocklist". Also consider if there is a domain specific term you could use.

For example, "parameter white-list" could be replaced with "parameter allow-list", but "trusted parameters" may more suitable.

[paulomarg]

LGTM, just a nit on the docs.

[mkevinosullivan]

Looks good, some minor nit picks.

[mkevinosullivan]

LGTM - one small note