You must update the top variables with information relevant to your configuration. If you run it once with the variables updated, it will output information you can use to do the initial setup of your VPN client.
It depends on jq and curl
In my own setup, I combined the script with watchcat. Every time the internet goes down or on boot, watchcat will run the script and bring up the VPN again.
It's not the prettiest, but it works. It could be refined if there's interest.
For context, what problem does this solve? Does PIA's wireguard not play well with OpenWRTs standard runtime network luci/config wireguard proto packages? I'm using it for an always-on connection in a containerized instance of OpenWRT (wg kernel module in the host of course) to a different provider and it's pretty robust right out of the box; starts on boot, recovers from WAN outages, etc.
They don't. I think the token expires after 24 hours so you would need a new one if you wanted to request new details, but as long as the connection remains up (even small interruptions such as restarting the router are fine) there's no need to renew anything.
Having said that, PIA have previously said their servers are routinely restarted every few months during maintenance windows so all existing connections would be closed and a renew of token/connection details would be required.