When our application uploads files to a user's OneDrive using the Microsoft Graph API, we don't want the user to login each time.
Does the user still need to login to identify themselves once, and get a token they can be used in subsequent calls?
Ideally this token would last months.
Your app can use a refresh token to get new tokens: https://learn.microsoft.com/en-us/entra/identity-platform/refresh-tokens. Unless your app is a single-page-app, the refresh token is quite long-lasting. When you request for new tokens, you also get back a new refresh token, and you should overwrite the one you had with the new one to keep it from expiring.
Do note that this token acquisition can fail; refresh tokens can be revoked. In that case you would need to prompt the user to log in.