This is probably a naive question, but is it possible to receive a second token (and refresh token) without having the user to perform any additional action other than inserting the ‘user code’ on the browser?
(my use case is that I need the user to login at the same time in two different applications)
The device code requested/received in this flow will be specific to the initial application being authorized, so won’t be of any use in the context of a 2nd application. You might want to take a look at configuring silent authentication, but this is outside of the device authorization flow itself.