diff --git a/README.md b/README.md
index ab48e57..57560a5 100644
--- a/README.md
+++ b/README.md
@@ -213,6 +213,22 @@ const { logout, currentProvider } = useOidcAuth()
 </template>
 ```
 
+### User object
+
+The above composable functions grant access to a user object with the following properties:
+
+| Name | Type | Description |
+|---|---|---|---|
+| provider | `string` | Name of provider used to login the current session |
+| canRefresh | `boolean` | If the current session exposed a refresh token |
+| loggedInAt | `number` | Login timestamp in second precision |
+| updatedAt | `number` | Refresh timestamp in second precision |
+| expireAt | `number` | Session expiration timestamp in second precision. Either loggedInAt plus session maxAge or exp of access token if available. |
+| providerInfo | `Record<string, unknown>` | Additional information coming from the providers userinfo endpoint |
+| userName | `string` | Coming either from the provider or from the configured mapped claim |
+| claims | `Record<string, unknown>` | Additional optional claims from the id token, if `optionalClaims` setting is configured. |
+| accessToken | `string` | Exposed access token, only existent when `exposeAccessToken` is configured. |
+
 ## Server Utils
 
 The following helpers are auto-imported in your `server/` directory.
@@ -363,6 +379,7 @@ You can theoretically register a hook that overwrites internal session fields li
 | validateAccessToken | `boolean` (optional) | `true` | Validate access token. |
 | validateIdToken | `boolean` (optional) | `true` | Validate id token. |
 | encodeRedirectUri | `boolean` (optional) | `false` | Encode redirect uri query parameter in authorization request. Only for compatibility with services that don't implement proper parsing of query parameters. |
+| exposeAccessToken | `boolean` (optional) | `false` | Expose access token to the client within session object |
 
 #### `session`
 
diff --git a/playground/composables/useProviders.ts b/playground/composables/useProviders.ts
index 29be9de..9b26767 100644
--- a/playground/composables/useProviders.ts
+++ b/playground/composables/useProviders.ts
@@ -26,6 +26,12 @@ export const useProviders = (currentProvider: string) => {
       disabled: Boolean(currentProvider === 'keycloak'),
       icon: 'i-simple-icons-cncf',
     },
+    {
+      label: 'Generic OIDC',
+      name: 'oidc',
+      disabled: Boolean(currentProvider === 'oidc'),
+      icon: 'i-simple-icons-openid',
+    },
   ])
   return {
     providers,
diff --git a/playground/nuxt.config.ts b/playground/nuxt.config.ts
index d0c64eb..288fa05 100644
--- a/playground/nuxt.config.ts
+++ b/playground/nuxt.config.ts
@@ -56,7 +56,7 @@ export default defineNuxtConfig({
     },
     session: {
       expirationCheck: true,
-      automaticRefresh: true,
+      automaticRefresh: false,
     },
     middleware: {
       globalMiddlewareEnabled: true,
diff --git a/playground/pages/index.vue b/playground/pages/index.vue
index 1aa1ea9..9fba08d 100644
--- a/playground/pages/index.vue
+++ b/playground/pages/index.vue
@@ -4,7 +4,7 @@ const { providers } = useProviders(currentProvider.value as string)
 </script>
 
 <template>
-  <div class="w-full grid grid-cols-2 justify-center items-center">
+  <div class="w-full grid grid-cols-2">
     <div class="col-start-1 flex flex-col gap-4 items-center">
       <p class="text-xl">
         Login with
@@ -56,7 +56,7 @@ const { providers } = useProviders(currentProvider.value as string)
         <span class="font-bold text-base">
           {{ `${key}` }}
         </span>
-        <p class="text-sm pb-3">
+        <p class="text-sm pb-3 break-all">
           {{ value }}
         </p>
       </div>
diff --git a/src/module.ts b/src/module.ts
index aaffee8..ccb4f83 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -60,7 +60,7 @@ export default defineNuxtModule<ModuleOptions>({
   defaults: {
     enabled: true,
     session: {
-      automaticRefresh: false,
+      automaticRefresh: true,
       expirationCheck: true,
       maxAge: 60 * 60 * 24, // 1 day
       cookie: {
diff --git a/src/runtime/server/lib/oidc.ts b/src/runtime/server/lib/oidc.ts
index 7d3ca0f..1a34d7b 100644
--- a/src/runtime/server/lib/oidc.ts
+++ b/src/runtime/server/lib/oidc.ts
@@ -198,6 +198,7 @@ export function callbackEventHandler({ onSuccess, onError }: OAuthConfig<UserSes
       canRefresh: !!tokens.refreshToken,
       loggedInAt: timestamp,
       updatedAt: timestamp,
+      expireAt: accessToken.exp || timestamp + useRuntimeConfig().oidc.session.maxAge!,
       provider,
     }
 
@@ -228,6 +229,10 @@ export function callbackEventHandler({ onSuccess, onError }: OAuthConfig<UserSes
       config.optionalClaims.forEach(claim => parsedIdToken[claim] && ((user.claims as Record<string, unknown>)[claim] = (parsedIdToken[claim])))
     }
 
+    // Expose access token
+    if (config.exposeAccessToken)
+      user.accessToken = tokenResponse.access_token
+
     if (tokenResponse.refresh_token) {
       const tokenKey = process.env.NUXT_OIDC_TOKEN_KEY as string
       const persistentSession: PersistentSession = {
diff --git a/src/runtime/server/utils/oidc.ts b/src/runtime/server/utils/oidc.ts
index 02ced1c..2a3e44b 100644
--- a/src/runtime/server/utils/oidc.ts
+++ b/src/runtime/server/utils/oidc.ts
@@ -68,6 +68,7 @@ export async function refreshAccessToken(provider: ProviderKeys, refreshToken: s
   const user: UserSession = {
     canRefresh: !!tokenResponse.refresh_token,
     updatedAt: Math.trunc(Date.now() / 1000), // Use seconds instead of milliseconds to align wih JWT
+    expireAt: parseJwtToken(tokenResponse.access_token).exp,
   }
 
   // Update optional claims
@@ -77,6 +78,10 @@ export async function refreshAccessToken(provider: ProviderKeys, refreshToken: s
     config.optionalClaims.forEach(claim => parsedIdToken[claim] && ((user.claims as Record<string, unknown>)[claim] = (parsedIdToken[claim])))
   }
 
+  // Expose access token
+  if (config.exposeAccessToken)
+    user.accessToken = tokenResponse.access_token
+
   return {
     user,
     tokens,
diff --git a/src/runtime/server/utils/session.ts b/src/runtime/server/utils/session.ts
index 2f4c875..1e2cdf7 100644
--- a/src/runtime/server/utils/session.ts
+++ b/src/runtime/server/utils/session.ts
@@ -121,7 +121,6 @@ export async function requireUserSession(event: H3Event) {
       })
     }
     const expired = persistentSession?.exp <= Math.trunc(Date.now() / 1000)
-    // logger.info(`Session ${sessionId} expires in ${persistentSession.exp - Math.trunc(Date.now() / 1000)} seconds`)
     if (expired) {
       logger.warn('Session expired')
       // Automatic token refresh
diff --git a/src/runtime/types/oidc.ts b/src/runtime/types/oidc.ts
index 02eaf98..63ba6c0 100644
--- a/src/runtime/types/oidc.ts
+++ b/src/runtime/types/oidc.ts
@@ -154,6 +154,11 @@ export interface OidcProviderConfig {
    * @default false
    */
   encodeRedirectUri?: boolean
+  /**
+   * Expose access token to the client within session object
+   * @default false
+   */
+  exposeAccessToken?: boolean
 }
 
 export interface AuthSession {
diff --git a/src/runtime/types/session.ts b/src/runtime/types/session.ts
index 76bd9ab..503b529 100644
--- a/src/runtime/types/session.ts
+++ b/src/runtime/types/session.ts
@@ -6,9 +6,11 @@ export interface UserSession {
   canRefresh?: boolean
   loggedInAt?: number
   updatedAt?: number
+  expireAt?: number
   providerInfo?: any
   userName?: string
   claims?: Record<string, unknown>
+  accessToken?: string
 }
 
 export interface Tokens {