Hi
I think a completely different approach is called for.
You have two applications that you need SSO between, and they share a user database.
Use the OIDC flow, not ROPG, and this gives you the SSO behavior you need.
Put the authorized applications in the user’s app_metadata and from there you can add it to the ID token or the access token.
This should give you everything you need, and is a much simpler architecture.
John
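
The approach suggested in the reply above, sketched as an added example that is not part of the original post. It assumes the identity provider is Auth0 and uses its post-login Action API. The claim namespace `https://example.com/` and the `authorized_apps` key in `app_metadata` are hypothetical names.

```javascript
// Added example, not from the original post. Assumes Auth0 post-login Actions.
// NAMESPACE and the app_metadata key "authorized_apps" are hypothetical names.
const NAMESPACE = 'https://example.com/';
const CLAIM = NAMESPACE + 'authorized_apps';

// Normalize app_metadata into a de-duplicated list of app identifiers.
// Missing or malformed metadata yields an empty list (no access), not an error.
function authorizedApps(user) {
  const raw = user && user.app_metadata && user.app_metadata.authorized_apps;
  if (!Array.isArray(raw)) return [];
  return [...new Set(raw.filter((a) => typeof a === 'string' && a.length > 0))];
}

// Runs after each login, including SSO logins that reuse an existing session,
// and copies the list into both tokens as a namespaced custom claim.
async function onExecutePostLogin(event, api) {
  const apps = authorizedApps(event.user);
  api.idToken.setCustomClaim(CLAIM, apps);
  api.accessToken.setCustomClaim(CLAIM, apps);
}

// Application side: call only with claims taken from a token whose signature,
// issuer, audience and expiry have already been validated.
function isAuthorizedFor(claims, appId) {
  const apps = claims && claims[CLAIM];
  return Array.isArray(apps) && apps.includes(appId);
}

// Auth0 loads the handler from exports; the guard keeps the file loadable elsewhere.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

Only the tenant side can write `app_metadata`, so the list cannot be edited by the user, and each application should fail closed when the claim is absent.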