your use case is still not clear.
the sample you link to use cookie authentication and AD oauth. in that sample, the token is only used to build the claims in authentication cookie. the authentication cookie expiration is based on the oauth token expiration (sliding window is not supported).
when the authentication cookie expires (the browser does send it to the server), the mvc server will redirect to the auth server to get a new token and build a new authentication cookie. the return url is used to determine where to redirect after login. when your define the CookeAuthenicationOptions to UseCookeAuthenication, you can replace the redirect logic (the sample just uses the defaults)
Provider = new CookieAuthenticationProvider
{
...
OnApplyRedirect = (context) =>
{
// look at query string return url and make decision where to go instead
context.Response.Redirect(redirectUrl);
}
}
the sample also contains code to store the token in a cache to use for graph api calls (not authentication). in this case an access and refresh tokens are stored in the cache, and AquireTokenSilent() is called to get an access token. it will use the refresh token to get a new access token is required. but this is all outside site authentication.
note: when not using oauth, a sliding windows for cookie authentication is often used. this causes the cookie expiration to be updated half way through expiration. but this is not supported with oauth.