When using Microsoft SSO with Airflow, the JWT (client_assertion) you sign with your RSA key expires after 10 minutes.
The issue happens because Airflow creates that token once at startup, then keeps reusing it — so after 10 minutes, login fails.

✅ Fix:
Generate a new JWT dynamically each time Airflow requests a token from Microsoft, not just once.
You can do this by:

• Making the token creation code run per login request, or

• Overriding the OAuth settings so client_assertion is built by a function instead of a static value.

That way, the JWT is always fresh, and Microsoft SSO keeps working.