In my resource server, When DefaultTokenService.loadAuthentication() check the access-token and notices that is has been expired, it throws InvalidTokenException with message "Access token expired".

But then, when it is caught by the OAuthRestTemplate, it throws a brand-new OAuth2AccessDeniedException with a message "Invalid token for client...". No trace for the token-expiration ... the user will have no knowledge why the token has no access.

Is it a bug?