I'm developing an endpoint in an ASP.NET Framework application to provide access to a BIM360 project for new users. The access involves uploading files to the project. I understand that a 3-legged OAuth token is required for authentication with BIM360. However, since my end users will always be new users who need access to the project, how can I handle this scenario? Specifically, how should I manage the OAuth token for new users and ensure they have the necessary permissions to upload files to the BIM360 project?