the grapevine suggests that such a sample exists - wherein the owin pipeline has an event handler that converts the auth code to a "TGT" (multi-API callable refresh token) AND THEN stores the results in the ASP.NET session.
This of course requires owin pipeline events/notifications to be properly synchronised with session events - that create/open the session store.
I'm hoping that the purported sample of storing tokens in asp.net session is in source, so I can amend it. Our session store persists values for multiple "app-specific login sessions", per session cookie. Thus we need to store multiple token sets, in the same session, for user on virtual SP A, and virtual SP B (and C...)