This is unfortunately a known issue that is just due to modern browsers and cross-origin authentication - You can address this by adding a custom domain to address this limitation.
This can also happen if the audience and/or scope is different than in the original request.
The following FAQ on Custom Domains may also be helpful: