diff --git a/Owin.Security.Providers/Salesforce/Provider/SalesforceAuthenticatedContext.cs b/Owin.Security.Providers/Salesforce/Provider/SalesforceAuthenticatedContext.cs
index b42875f..3d2c436 100644
--- a/Owin.Security.Providers/Salesforce/Provider/SalesforceAuthenticatedContext.cs
+++ b/Owin.Security.Providers/Salesforce/Provider/SalesforceAuthenticatedContext.cs
@@ -21,11 +21,13 @@ namespace Owin.Security.Providers.Salesforce
         /// <param name="context">The OWIN environment</param>
         /// <param name="user">The JSON-serialized user</param>
         /// <param name="accessToken">Salesforce Access token</param>
-        public SalesforceAuthenticatedContext(IOwinContext context, JObject user, string accessToken)
+        /// <param name="refreshToken">Salesforce Refresh token</param>
+        public SalesforceAuthenticatedContext(IOwinContext context, JObject user, string accessToken, string refreshToken)
             : base(context)
         {
             User = user;
             AccessToken = accessToken;
+            RefreshToken = refreshToken;
 
             Id = TryGetValue(user, "id");
             UserId = TryGetValue(user, "user_id");
@@ -54,6 +56,11 @@ namespace Owin.Security.Providers.Salesforce
         /// </summary>
         public string AccessToken { get; private set; }
 
+        /// <summary>
+        /// Gets the Salesforce refresh token, if the application's scope allows it
+        /// </summary>
+        public string RefreshToken { get; private set; }
+
         /// <summary>
         /// Gets the Salesforce ID / User Info Endpoint
         /// </summary>
diff --git a/Owin.Security.Providers/Salesforce/SalesforceAuthenticationHandler.cs b/Owin.Security.Providers/Salesforce/SalesforceAuthenticationHandler.cs
index 777cf9b..faf5b16 100644
--- a/Owin.Security.Providers/Salesforce/SalesforceAuthenticationHandler.cs
+++ b/Owin.Security.Providers/Salesforce/SalesforceAuthenticationHandler.cs
@@ -83,6 +83,7 @@ namespace Owin.Security.Providers.Salesforce
                 // Deserializes the token response
                 dynamic response = JsonConvert.DeserializeObject<dynamic>(text);
                 string accessToken = (string)response.access_token;
+                string refreshToken = (string)response.refresh_token;
 
                 // Get the Salesforce user using the user info endpoint, which is part of the token - response.id
                 HttpRequestMessage userRequest = new HttpRequestMessage(HttpMethod.Get, (string)response.id + "?access_token=" + Uri.EscapeDataString(accessToken));
@@ -92,7 +93,7 @@ namespace Owin.Security.Providers.Salesforce
                 text = await userResponse.Content.ReadAsStringAsync();
                 JObject user = JObject.Parse(text);
 
-                var context = new SalesforceAuthenticatedContext(Context, user, accessToken);
+                var context = new SalesforceAuthenticatedContext(Context, user, accessToken, refreshToken);
                 context.Identity = new ClaimsIdentity(
                     Options.AuthenticationType,
                     ClaimsIdentity.DefaultNameClaimType,