Without an expires_in field that comes along with the access_token request, I reckon Spring (spring-security-oauth2 or Spring Security 5) will not be able to
