As per the current architecture of VOP (Verse On Premises), The end user maintain an active session with each of the Domino servers it is communicating with. As a result, the user must re-establish their authentication session with the mail server when their session expires. The behavior is describing what is expected. Authenticating against the hub server would not be sufficient for establishing/maintaining an authentication session with the mail servers.
We understand currently the behaviour is working as design for VOP.
But we need a way to fix this in VOP so that after the token expires, authorization takes place on the HUB server.