diff --git a/api/plugins/action/token.py b/api/plugins/action/token.py
index dd45f20..bb83649 100644
--- a/api/plugins/action/token.py
+++ b/api/plugins/action/token.py
@@ -1,3 +1,4 @@
+import time
 from ..module_utils import token as LagoonToken
 from ansible.plugins.action import ActionBase
 
@@ -15,6 +16,8 @@ def run(self, tmp=None, task_vars=None):
         lagoon_ssh_private_key = task_vars.get('lagoon_ssh_private_key')
         lagoon_ssh_private_key_file = task_vars.get('lagoon_ssh_private_key_file')
 
+        grant = self._task.args.get("grant", False)
+
         if lagoon_ssh_private_key:
             self._display.vvvv("writing private key to file")
             if not lagoon_ssh_private_key_file:
@@ -26,9 +29,8 @@ def run(self, tmp=None, task_vars=None):
                 result['error'] = e
                 return result
 
-        self._display.vvvv(
-            f"lagoon_ssh_private_key_file: {lagoon_ssh_private_key_file}")
-        rc, result['token'], result['error'] = LagoonToken.fetch_token(
+        self._display.vvvv(f"lagoon_ssh_private_key_file: {lagoon_ssh_private_key_file}")
+        rc, grant_token, result['error'] = LagoonToken.fetch_token(
             self._templar.template(task_vars.get('lagoon_ssh_host')),
             self._templar.template(task_vars.get('lagoon_ssh_port')),
             self._task.args.get('ssh_options', ""),
@@ -36,5 +38,10 @@ def run(self, tmp=None, task_vars=None):
         )
         if rc > 0:
             result['failed'] = True
+        elif grant:
+            grant_token['expiry_time'] = time.time() + grant_token['expires_in']
+            result['token'] = grant_token
+        else:
+            result['token'] = grant_token['access_token']
 
         return result
diff --git a/api/plugins/module_utils/token.py b/api/plugins/module_utils/token.py
index 801c8ae..4e97c4d 100644
--- a/api/plugins/module_utils/token.py
+++ b/api/plugins/module_utils/token.py
@@ -1,5 +1,6 @@
 import subprocess
 
+import json
 from typing import List, Union
 
 def write_ssh_key(key_content: str, key_path: str):
@@ -25,7 +26,7 @@ def fetch_token(ssh_host, ssh_port, ssh_options: Union[str, List[str]], key_path
 
     if key_path:
         ssh_command.extend(['-i', key_path])
-    ssh_command.extend([f"lagoon@{ssh_host}", 'token'])
+    ssh_command.extend([f"lagoon@{ssh_host}", 'grant'])
 
     try:
         ssh_res = subprocess.run(ssh_command, capture_output=True, check=True)
@@ -33,4 +34,6 @@ def fetch_token(ssh_host, ssh_port, ssh_options: Union[str, List[str]], key_path
         print(e.stderr)
         print(e.stdout)
         raise
-    return ssh_res.returncode, ssh_res.stdout.strip(), ssh_res.stderr
+
+    grant_token = json.loads(ssh_res.stdout.strip())
+    return ssh_res.returncode, grant_token, ssh_res.stderr
diff --git a/api/plugins/modules/token.py b/api/plugins/modules/token.py
index d7c673e..44fb87f 100644
--- a/api/plugins/modules/token.py
+++ b/api/plugins/modules/token.py
@@ -4,6 +4,12 @@
 DOCUMENTATION = r'''
 module: token
 short_description: Fetches a Lagoon token using ssh
+options:
+  grant:
+    description:
+      - Return the full grant token object, with expiry & refresh token.
+    type: bool
+    default: false
 '''
 
 EXAMPLES = r'''