diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java
index 199ec4a..324f4a3 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2Authorization.java
@@ -404,6 +404,10 @@ public class OAuth2Authorization implements Serializable {
 Assert.notNull(token, "token cannot be null");
 Map metadata = Token.defaultMetadata();
+ Token existingToken = this.tokens.get(token.getClass());
+ if (existingToken != null) {
+ metadata.putAll(existingToken.getMetadata());
+ }
 metadataConsumer.accept(metadata);
 Class tokenClass = token.getClass();
 if (tokenClass.equals(OAuth2RefreshToken2.class)) {
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/TestOAuth2Authorizations.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/TestOAuth2Authorizations.java
index 09cb285..0bb13be 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/TestOAuth2Authorizations.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/TestOAuth2Authorizations.java
@@ -19,6 +19,7 @@ import java.security.Principal;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.Map;
 import org.springframework.security.authentication.TestingAuthenticationToken;
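Review bot: In the OAuth2Authorization.java hunk, `metadata.putAll(existingToken.getMetadata())` copies every entry of the replaced token, and the test fixture in this diff shows that the metadata map holds lifecycle state (`Token.INVALIDATED_METADATA_NAME`) as well as claims (`Token.CLAIMS_METADATA_NAME`), so a newly supplied token of the same class starts out with its predecessor's invalidated flag and claims unless the consumer overwrites both. If that is intended, the method's Javadoc should say so, for example `Metadata of an existing token of the same type is carried over; callers replacing a token must set the invalidated flag and claims explicitly.` Separately, the lookup uses `token.getClass()` before the `OAuth2RefreshToken2` check that follows; if that branch remaps `tokenClass` to the key the map is stored under (its body is outside the hunk), the lookup misses for that type, and computing `tokenClass` first and calling `this.tokens.get(tokenClass)` would keep read and write on the same key. The method begins and ends outside the hunk.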
@@ -65,11 +66,22 @@ public class TestOAuth2Authorizations {
 .principalName("principal")
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 .token(authorizationCode)
- .accessToken(accessToken)
+ .token(accessToken, (metadata) -> metadata.putAll(tokenMetadata()))
 .refreshToken(refreshToken)
 .attribute(OAuth2AuthorizationRequest.class.getName(), authorizationRequest)
 .attribute(Principal.class.getName(), new TestingAuthenticationToken("principal", null, "ROLE_A", "ROLE_B"))
 .attribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME, authorizationRequest.getScopes());
 }
+
+ private static Map tokenMetadata() {
+ Map tokenMetadata = new HashMap<>();
+ tokenMetadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, false);
+ Map claims = new HashMap<>();
+ claims.put("claim1", "value1");
+ claims.put("claim2", "value2");
+ claims.put("claim3", "value3");
+ tokenMetadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, claims);
+ return tokenMetadata;
+ }
 }
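Review bot: The fixture in `TestOAuth2Authorizations` only seeds the access token with metadata; no test visible in this diff replaces an existing token and asserts what the replacement inherits. A case that rebuilds the authorization with a second access token and checks both the preserved `CLAIMS_METADATA_NAME` entry and the outcome when the first token carried `INVALIDATED_METADATA_NAME` set to `true` would pin the behaviour, which `tokenMetadata()` cannot exercise while it hard-codes `false`. Such tests may exist in files outside this diff.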