I know the process of getting a accesstoken stream and what to do. With what you described there is no way, with the current ESI-system, to grant someone a permanent and secure way to share your data. If i do a new SSO and generate a new Access Code, any former token stream gets invalid and is closed.
I hope you realize that with what you’re trying to do you’re basically trying to copy identifications, and that’s just really a bad thing to do when the whole point of it is to uniquely identify someone and not have your identity stolen for instance.
Thats because, a this moment, there is no way to identify 2 diffenrent users of the client how want to access the same data. There is no way to allow someone else the permanent right (or till you revoke it) to view your information.
Maybe it could be done with an invite link. You generate a guest Token and the guest has to log in with his own sso. Then you could grant or revoke all guest tokens in your own API management page.
With server side apps the current system works because they can handle the view/read/write whats else permissions on the dedicated web server. With standalone PC programms there is now no way to share information between different users. Maybe there is a way which i dont know.