diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 93af6e14f..b6c2be0ce 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -91,6 +91,15 @@ HTTP_X_ROLE
     *Deprecated* in favor of HTTP_X_ROLES
     This is being renamed, and the new header contains the same data.
 
+OTHER ENVIRONMENT VARIABLES
+---------------------------
+
+keystone.token_info
+    Information about the token discovered in the process of
+    validation.  This may include extended information returned by the
+    Keystone token validation call, as well as basic information about
+    the tenant and user.
+
 """
 
 import datetime
@@ -283,6 +292,7 @@ class AuthProtocol(object):
             self._remove_auth_headers(env)
             user_token = self._get_user_token_from_header(env)
             token_info = self._validate_user_token(user_token)
+            env['keystone.token_info'] = token_info
             user_headers = self._build_user_headers(token_info)
             self._add_headers(env, user_headers)
             return self.app(env, start_response)
diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py
index 0c155047b..79cbc9101 100644
--- a/tests/test_auth_token_middleware.py
+++ b/tests/test_auth_token_middleware.py
@@ -449,6 +449,7 @@ class DiabloAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest):
         req.headers['X-Auth-Token'] = VALID_DIABLO_TOKEN
         self.middleware(req.environ, self.start_fake_response)
         self.assertEqual(self.response_status, 200)
+        self.assertTrue('keystone.token_info' in req.environ)
 
 
 class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
@@ -459,6 +460,7 @@ class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
         self.assertEqual(self.response_status, 200)
         self.assertTrue(req.headers.get('X-Service-Catalog'))
         self.assertEqual(body, ['SUCCESS'])
+        self.assertTrue('keystone.token_info' in req.environ)
 
     def test_valid_uuid_request(self):
         self.assert_valid_request_200(UUID_TOKEN_DEFAULT)
@@ -484,6 +486,7 @@ class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
         body = self.middleware(req.environ, self.start_fake_response)
         self.assertEqual(self.response_status, 200)
         self.assertEqual(body, ['SUCCESS'])
+        self.assertTrue('keystone.token_info' in req.environ)
 
     def test_default_tenant_uuid_token(self):
         self.assert_unscoped_default_tenant_auto_scopes(UUID_TOKEN_DEFAULT)