Thanks for the response! This is really helpful.
On the caching, my goal is not to cache the token, but the user info, using the access token as a key in a key value pair. This is from a session management & performance standpoint, reducing round-trip back to the auth server to get user details on each request. The expiry of the access token would determine the lifetime of that cached info.
On the clientid part, this was a typo. it was supposed to be the secret.
Great point on the benefit of 3 legged auth in terms of single sign-on. that is food for thought. Thanks!