@AILo-0925, Thank you for reaching out. The behavior you are witnessing here is a by-design behavior, where the lifetime of an access token is set to 1 hour by default in AAD. You can modify that as per requirement, but we do not recommend doing that, rather we would want users, to utilize the refresh tokens to get access-tokens as soon as they expire after 1 hour.
In your case also, I believe, you can utilize the refresh token, to get another access token as soon as you hit the 1-hour mark of your access token expiration. The refresh token is only issued in case you use the Authorization-Code grant flow where the user interactively logs in to AAD (by entering username and password, and in the scope parameter you have to send offline_access), but in other OAuth flows like Client-Credentials flow, since that being a non-interactive login, the refresh token is not issued by AAD.
Also, do let us know what library are you using, is it MSAL? If yes, then we can share some samples based on which you can perfect the code. But you should consider using the Authorization Code Grant Flow to get a seamless user auth experience with SSO. From the snippet above, it's JS snippet and you can consider checking the following sample. It uses MSAL 2.0, Auth-Code Grant Flow with PKCE
Hope this helps.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.