diff --git a/examples/simple.js b/examples/simple.js
index 88af0db..0e1e037 100644
--- a/examples/simple.js
+++ b/examples/simple.js
@@ -68,9 +68,16 @@ myOAP.on('create_access_token', function(user_id, client_id, next) {
 });
 // an access token was received in a URL query string parameter or HTTP header
-myOAP.on('access_token', function(req, user_id, client_id, data, next) {
- req.session.user = user_id;
- req.session.data = data;
+myOAP.on('access_token', function(req, token, next) {
+ var TOKEN_TTL = 10 * 60 * 1000; // 10 minutes
+
+ if(token.grant_date.getTime() + TOKEN_TTL > Date.now()) {
+ req.session.user = token.user_id;
+ req.session.data = token.extra_data;
+ } else {
+ console.warn('access token for user %s has expired', token.user_id);
+ }
+
 next();
 });
diff --git a/index.js b/index.js
index 1961f9e..9fc1691 100644
--- a/index.js
+++ b/index.js
@@ -43,14 +43,19 @@ OAuth2Provider.prototype.login = function() {
 data = self.serializer.parse(atok);
 user_id = data[0];
 client_id = data[1];
- grant_date = data[2];
+ grant_date = new Date(data[2]);
 extra_data = data[3];
 } catch(e) {
 res.writeHead(400);
 return res.end(e.message);
 }
- self.emit('access_token', req, user_id, client_id, extra_data, next);
+ self.emit('access_token', req, {
+ user_id: user_id,
+ client_id: client_id,
+ extra_data: extra_data,
+ grant_date: grant_date
+ }, next);
 };
 };
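Review bot: The `else` branch of the new `access_token` handler in examples/simple.js only logs the expiry and then falls through to `next()`, so a request carrying an expired token still continues down the middleware chain. If the session store already holds `req.session.user` from an earlier request with a valid token (likely with cookie-backed sessions, though the session setup is not visible in this hunk), that stale identity stays in place. Because this is the example integrators copy, the expired branch should drop the identity explicitly, e.g. `delete req.session.user;` and `delete req.session.data;` before the warning. A short comment that expiry is enforced only here, and not by the library, would also help readers.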
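Review bot: `new Date(data[2])` in index.js never throws, so a token whose third field is missing or not a parseable date reaches `access_token` listeners as an Invalid Date instead of taking the 400 path in the `catch` just below. The example's TTL comparison happens to fail closed on NaN, but a listener written as `Date.now() - token.grant_date > ttl` would treat such a token as unexpired. Rejecting it inside the `try`, e.g. `if(isNaN(grant_date.getTime())) throw new Error('invalid grant_date');`, keeps that decision in the library. The emitted arguments also change from five positional values to `(req, token, next)`, so existing listeners would silently receive the wrong values and never call `next`; this deserves a note in the changelog or README. The enclosing middleware function starts above the hunk, so how `atok` is obtained is not visible here.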