Google calendar and Oauth2 workflow is confusing

Question

I have a web app for a client that displays a calendar for users to click on and schedule an appointment. His calendar needs to be connected 24/7. No user needs to log on or use Oauth. The users simply select a date and time and the event is created. I have everything working as far as getting the calendar and sending events. The problems are with the token and understanding internal vs external in this context.

Problems:

1.When reading the docs, I find it hard to understand if this is an internal or external app. Only the internal client needs to sign on to provide the calendar. But the people who are "setting the events" are the users.

2.The token expires after 7days. Per their docs "Refresh tokens may stop working after they are granted, either because: ... The application has a status of 'Testing' and the consent screen is configured for an external user type, causing the token to expire in 7 days". They provide nothing in this section on if its out of 'Testing', if this will continue to be a problem or not.

Questions:

When it comes to the consent screen, what do I do here for deployment? I deploy, log on once with his account and then work on refreshing the tokens over and over? Or once its not in 'Testing' I wont have to worry about this?

If that is what I need to do, the current refresh token expires within 7days. Do I just write a loop after that time is near expiring to send for another token?

Or have I been doing the wrong method this whole time and this app needs a service account and not use Oauth?