In this case, the app that would consume the service isn't something that lives in Portal, it's just a regular JavaScript web application (using v4 of the ArcGIS JSAPI) that would be referencing the routing service endpoint, using the Proxy for authentication.
I guess where there is some confusion, when I developed an AGOL geocoder app, listed specifically as an "Application" in AGOL, a ClientID and AppSecret are viewable on the settings page, so I can use them to obtain a token, like so:
https://www.arcgis.com/sharing/oauth2/token?client_id=MyClientID&grant_type=client_credentials&clien...
https://geocode.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates?forStorage=true&locationType=rooftop&maxLocations=1&outfields=*&f=pjson&sourcecountry=usa&singleLine=123 Main St, Any Town, Any State, USA&token=tokenObtainedFromOauth2InTheFirstLink..
What I need to do is consume the routing service without requiring authentication/log-in from our users. This would take place via the proxy, which should get a token using clientID and appSecret supplied in the proxy config for this endpoint.
Do I need to configure the tool differently in Portal?