Did u think about using self-signed certification for authentication instead of client secret? And after u may configure automatic token refreshing.