Hey there @tojeffraymond welcome to the community!
Interesting use case, I haven’t heard of anything similar personally. The only flow that wouldn’t require any user authentication is m2m. You could proxy a client credentials exchange through a backend via a SPA so that the credentials are handled on a backend and safe.
It’s fairly common for SPAs to proxy calls through a backend to call the Management API for example.This typically involves an authenticated user but I don’t see any reason you could handle this on a backend with an unauthenticated user. Here’s an FAQ that goes into this set up:
Not entirely sure that answers your question, but hope it at least gives some direction!