Jwt is expired while using istio and oauth2-proxy (keycloak as idp)

Hello everyone. There is a problem I am facing at work after having integrated Istio with Oauth2-proxy using an external OIDC - Keycloak.Everything is working fine in terms of forwarding the end-user to the Keycloak login page, and getting redirected back. We can see the logs in Oauth2-proxy showing the username and so on.However, the access token timeout limit in Keycloak is set to 10 minutes. It was my - clearly wrong - understanding Oauth2-proxy would refresh that token internally when it expires… however the users are experiencing a very simple page after 10 minutes showing:

Jwt is expired

I am sure it is speaking about the access token. Is there a step I am missing in Istio configuration? Or perhaps I am completely mistaken as I said above in thinking that oauth2-proxy would actually refresh the access token?

Thank you