Unable To Obtain Valid Token - periodically / intermittently on device startup

I’m very puzzled by a problem that I have in my app. Our ionic app uses the ionic-appauth library and prior to upgrading to Capacitor 4 and 0.9.90 of that library I was seeing this issue sometimes but only on Android 8 and Android 11 devices and then only only on swipe-close of the app. Since the upgrade I am seeing this issue on all devices but only intermittently. I’m wondering if I am using the library incorrectly but I’m unable to locate an example app that shows the best practice i.e an example app that shows a bit more than a login but actual use with subsequent API calls - is there one?

My app is an Ionic 6 / Capacitor 4 / Angular 13 app.

I have an http interceptor that makes a call to getValidToken() for every api call that is made.

On app start and resume (assuming the user is already logged in) my app makes an api call to the server to retrieve a bunch of stuff.

If I install my app and login and the open and close the app a bunch of times this continues to work.

If I swipe-close the app a bunch of times this continues to work.

I have tried the above for a period of 10 minutes, half an hour, two hours and so on. Things continue to work.

Eventually (quite often the following day) when I re-open the app that initial call to getValidToken() will fail with the error

Unable To Obtain Valid Token

This appears to be when the app is performing a restart even though sometimes this is not after a swipe-close of the app but just a re-open of the app (presumably because the o/s has decided to close the app so rather than the resume event the app fully restarts) - not sure if that’s significant or not. But after installing and logging in, swipe-close and re-open works ok, it’s only after this long delay and not using the app for a while that it fails.

On the Okta side our app is defined as follows (in case this helps) :

Application Type: native
Grant Type: Authorisation Code, Refresh Token
Refresh token behavior: Rotate token after every use
Grace period for token rotation: 30 Seconds

Do you know what might be going wrong here? Am I doing the right thing by making a getValidToken() call before each API call and should that continue to get me a valid token all the time. If it works 100% of the time for the first couple of hours should it not continue to work?

Any advice would be appreciated! (I’ve posted this questions in the issues area of the library as well)