We require regular authentications to ensure that user information stays up-to-date with the backing identity provider.
Long-lived tokens are security risk. We could mitigate this risk using short-lived tokens with a refresh mechanism, but that’s simply not how sessions are implemented today.