diff --git a/examples/app/main.go b/examples/app/main.go
index c4bc8c42..fdcd8d9e 100644
--- a/examples/app/main.go
+++ b/examples/app/main.go
@@ -14,10 +14,13 @@ import (
 "os"
 "time"
 
+ "github.com/coreos/go-oidc/jose"
+ "github.com/coreos/go-oidc/oauth2"
+ "github.com/coreos/go-oidc/oidc"
+
 pflag "github.com/coreos/dex/pkg/flag"
 phttp "github.com/coreos/dex/pkg/http"
 "github.com/coreos/dex/pkg/log"
- "github.com/coreos/go-oidc/oidc"
 )
 
 func main() {
@@ -104,6 +107,7 @@ func main() {
 ProviderConfig: cfg,
 Credentials: cc,
 RedirectURL: *redirectURL,
+ Scope: append(oidc.DefaultScope, "offline_access"),
 }
 
 client, err := oidc.NewClient(ccfg)
@@ -229,21 +233,51 @@ func handleCallbackFunc(c *oidc.Client) http.HandlerFunc {
 return
 }
 
- tok, err := c.ExchangeAuthCode(code)
+ tokens, err := exchangeAuthCode(c, code)
 if err != nil {
- phttp.WriteError(w, http.StatusBadRequest, fmt.Sprintf("unable to verify auth code with issuer: %v", err))
+ phttp.WriteError(w, http.StatusBadRequest,
+ fmt.Sprintf("unable to verify auth code with issuer: %v", err))
+ return
+ }
+
+ tok, err := jose.ParseJWT(tokens.IDToken)
+ if err != nil {
+ phttp.WriteError(w, http.StatusBadRequest,
+ fmt.Sprintf("unable to parse JWT: %v", err))
 return
 }
 
 claims, err := tok.Claims()
 if err != nil {
- phttp.WriteError(w, http.StatusBadRequest, fmt.Sprintf("unable to construct claims: %v", err))
+ phttp.WriteError(w, http.StatusBadRequest,
+ fmt.Sprintf("unable to construct claims: %v", err))
 return
 }
 
- s := fmt.Sprintf(`
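Review bot: `append(oidc.DefaultScope, "offline_access")` in the client config literal in `main` appends straight onto a package-level slice owned by go-oidc, so if that slice ever has spare capacity the write lands in its shared backing array and changes the default for every other user of the package. Build the list from a copy instead: `Scope: append(append([]string{}, oidc.DefaultScope...), "offline_access"),`. A one-line comment such as `// offline_access asks the issuer for a refresh token (long-lived credential).` would also tell readers of the example why the extra scope is there. Both the literal and `main` begin and end outside the hunk.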

Token: %v

Claims: %v

+ s := fmt.Sprintf(` + + +

Token: %v

+

Claims: %v

Resend Verification Email -`, tok.Encode(), claims, tok.Encode()) +

Refresh Token: %v

+
+`, tok.Encode(), claims, tok.Encode(), tokens.RefreshToken)
 w.Write([]byte(s))
 }
 }
+
+func exchangeAuthCode(c *oidc.Client, code string) (oauth2.TokenResponse, error) {
+ oac, err := c.OAuthClient()
+ if err != nil {
+ return oauth2.TokenResponse{}, err
+ }
+
+ t, err := oac.RequestToken(oauth2.GrantTypeAuthCode, code)
+ if err != nil {
+ return oauth2.TokenResponse{}, err
+ }
+
+ return t, nil
+
+}
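Review bot: The ID token is never verified in the new callback path: `jose.ParseJWT(tokens.IDToken)` only decodes the token, and nothing between the parse and `tok.Claims()` checks its signature, issuer, audience or expiry. The replaced `c.ExchangeAuthCode(code)` call presumably did that verification internally, so the example now displays claims from a token it has not validated. Add a `c.VerifyJWT(tok)` check directly after the parse, as sketched below. Separately, the refresh token and the claims are written into the HTML body with `%v`; the claims should be HTML-escaped, and a `Cache-Control: no-store` header should be set so the long-lived credential is not cached. `handleCallbackFunc` begins outside the hunk, and the new `exchangeAuthCode` helper has no doc comment.

```go
tok, err := jose.ParseJWT(tokens.IDToken)
// … unchanged: parse error handling …

// ParseJWT only decodes; verify signature and standard claims before use.
if err := c.VerifyJWT(tok); err != nil {
	phttp.WriteError(w, http.StatusBadRequest,
		fmt.Sprintf("unable to verify JWT: %v", err))
	return
}
// … unchanged: tok.Claims() and response rendering …
```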