System Design help: Avoiding consent dialogs

Hi @nathan_d,

You are absolutely right with regard to the statements mentioned above, so skipping user consent in its entirety is not suitable for this architecture. Focusing on this particular issue though, I believe an option that would fit your use case would be Configuring a Logical API for Multiple APIs. The steps provided by this article outline how scopes can be defined that would correspond to the actions available on your actual Local Server and API Server. This way a single token will be issued, and your respective APIs would check if the specific scopes are included in the token.

With this approach, the user will interfere with a single consent screen that requests all the required scopes for your API calls, while maintaining the PKCE flow with a localhost server.

I hope this better suits your requirements.
Thanks,
Remus
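
The per-API scope check described in the post above, as an added example that is not part of the original post or of any vendor's code. It assumes the token's signature has already been verified; the audience value, service names and scope names are hypothetical.

```python
import time

# Assumed identifier of the single logical API registered with the authorization server.
LOGICAL_AUDIENCE = "https://logical-api.example"

# Hypothetical scope map: each real backend owns part of the logical API's scopes.
REQUIRED_SCOPES = {
    ("local-server", "read_files"): {"local:files.read"},
    ("api-server", "read_orders"): {"api:orders.read"},
    ("api-server", "create_order"): {"api:orders.read", "api:orders.write"},
}


class AccessDenied(Exception):
    pass


def granted_scopes(claims):
    """Return the scope set from claims whose signature was verified upstream."""
    aud = claims.get("aud", [])
    audiences = {aud} if isinstance(aud, str) else set(aud)
    if LOGICAL_AUDIENCE not in audiences:
        raise AccessDenied("token not issued for the logical API")
    if claims.get("exp", 0) <= time.time():
        raise AccessDenied("token expired")
    return set(claims.get("scope", "").split())


def authorize(claims, service, action):
    """Run by each backend: allow only if every scope for its action is present."""
    required = REQUIRED_SCOPES.get((service, action))
    if required is None:
        raise AccessDenied(f"unknown action {service}/{action}")  # deny by default
    missing = required - granted_scopes(claims)
    if missing:
        raise AccessDenied(f"missing scopes: {sorted(missing)}")
    return True


# Constructed sample: claims of the one token issued after the single consent screen.
SAMPLE_CLAIMS = {
    "aud": [LOGICAL_AUDIENCE],
    "exp": time.time() + 3600,
    "scope": "openid local:files.read api:orders.read",
}
```

Because the same token is accepted by both backends, each one has to run this check itself; a token that carries only the local server's scopes must still be rejected by the API server.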