I think that you need a different approach.
You want service A to behave as an authentication server and service B as a client to access resources.
If I were you I would:
Use spring oauth2 authentication-server (or external provider like Keycloak) to manage your clients
Register service A and service B as spring oauth2-client
And use built-in functions and features to retrieve and manage tokens and restrict access to endpoints.