Hi, not an elegant (more like very ugly) but working solution that we used is such case.
It is a combination of the approach you mention as solution #1 + some additional logic.
So, there is no way to manage the flow you have in mind with just k6. (or at least we haven’t found such).
Considering this, we created a simple service that calls for new token once the previous expires and exposes only one GET endpoint that returns this token.
So now our k6 script is calling this helper service once an hour to get fresh token. But although each VU is going to make such call, but real call for new token is made only once when the first VU reaches out for new token. After that call, the same token is returned by helper service to all subsequent calls.
This solution obviously has a lot of downsides (starting from the need to build and spin new service), but it worked for us.