
Should OnBehalfOfCredential refresh token automatically?

Open MichalLechowski opened this issue 1 month ago • 2 comments

I can't find any documentation for it. The question is: if I use the OBO flow and initialize the Graph client like below, should the token be automatically refreshed? It does not seem to be, or I am missing configuration somewhere. For a long-running Graph API operation, if the token expires, it ends up with: "Assertion is not within its valid time range". Should this work out of the box, or if not, how should this be implemented? Graph is instantiated only once for my custom graph service class.

The OBO flow is used like this: UI---request+token--->API A---request+token--->API B--->call GraphAPI with OBO token

var scopes = new[] { "https://graph.microsoft.com/.default" };

var options = new OnBehalfOfCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

var onBehalfOfCredential = new OnBehalfOfCredential(configuration["AzureAd:TenantId"],
                                                    configuration["AzureAd:ClientId"],
                                                    configuration["AzureAd:ClientSecret"],
                                                    httpContext.HttpContext.Request.Headers.Authorization.ToString()["Bearer ".Length..],
                                                    options);

HttpClientHandler httpClientHandler = new HttpClientHandler();
CustomRetryHandler customRetryHandler = new CustomRetryHandler(httpClientHandler);
var handlers = GraphClientFactory.CreateDefaultHandlers();
var httpClient = GraphClientFactory.Create(handlers);
_graphServiceClient = new GraphServiceClient(httpClient, onBehalfOfCredential, scopes);

What have I tried? Adding "offline_access" to scopes; it does not seem to make a difference.

MichalLechowski, Jun 14 '24 14:06
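An added diagnostic example, not part of the original issue and not code from the SDK: the snippet above passes the incoming bearer token to `OnBehalfOfCredential` as the user assertion, so this helper reads that token's `nbf` and `exp` claims to show how much of its validity window is left before a long-running operation starts. It assumes the "valid time range" in the error refers to that window; `AssertionLifetime`, `Read` and `CoversOperation` are hypothetical names, and the sample token is constructed.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class AssertionLifetime
{
    // Reads nbf/exp from a JWT payload WITHOUT validating the signature.
    // Diagnostic only: never base an authorization decision on this.
    public static (DateTimeOffset NotBefore, DateTimeOffset Expires) Read(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected a three-part JWT (header.payload.signature).");

        // base64url -> base64, restoring the stripped padding
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');

        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        return (DateTimeOffset.FromUnixTimeSeconds(root.GetProperty("nbf").GetInt64()),
                DateTimeOffset.FromUnixTimeSeconds(root.GetProperty("exp").GetInt64()));
    }

    // True when the assertion is valid now and stays valid for at least 'needed'.
    public static bool CoversOperation(string jwt, TimeSpan needed, DateTimeOffset now)
    {
        var (nbf, exp) = Read(jwt);
        return now >= nbf && now + needed <= exp;
    }

    public static void Main()
    {
        // Constructed sample token (unsigned): a 60-minute validity window.
        static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var token = B64Url("{\"alg\":\"none\"}") + "."
                  + B64Url("{\"nbf\":1718373600,\"exp\":1718377200}") + ".sig";

        // Constructed clock: 50 minutes into the window, so 10 minutes remain.
        var now = DateTimeOffset.FromUnixTimeSeconds(1718373600 + 3000);
        Console.WriteLine(CoversOperation(token, TimeSpan.FromMinutes(5), now));
        Console.WriteLine(CoversOperation(token, TimeSpan.FromMinutes(30), now));
    }
}
```

In the setup from the question, the string to inspect is the same value passed as the fourth argument to `OnBehalfOfCredential`.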