Implement `session_lifetime` configuration option, after which access tokens will expire.