Access Token expired when opening app in Okta


We have gotten some reports back that users have trouble logging in to one of our apps. They often login through an Identity Provider integration. They can access the Okta Dashboard just fine, but when they click and launch our app, they are redirected to /login, for some reason.
We have tried our best to debug this flow, and we are 75% sure it is because the JWT token from Okta is expired.

Is this supposed to happen? Is our app code not handling an essential authentication flow? Or should Okta renew this token automatically when logged in?

EDIT: I forgot to mention that this does not always happen. The way it is reproduced is that when a user logs on for the first time of the day, they encounter this error. Our code in the app calls /logout because of the exception, and the token is deleted. If they open the app again, they can login - until the next day.

We had a similar issue in the past. We added a SolarWinds monitor that used the API to login in every day. This kept the token active for us.