It feels like you’re over-complicating matters. If you want to do EVERYTHING client-side, then your clients could register their own app, go through the auth code flow on localhost (only needs to be done 1 time), then from then the entire refresh process is automated, still client side, and still no more webserver as that’s not needed to refresh.
If you don’t want to do everything client-side, and you want to have a single app registered which is on your end, then why can’t your clients go through the auth process on your server, and any time it needs refreshing they connect to you and your serer handles the refreshing and returns a new token?
From the sounds if it, you seem stuck into one way of going about it, and I don’t blame you, not many people like change, but it’s not like there isn’t a way for you to adapt, there are options, several in fact.