diff --git a/services/identity/Cargo.lock b/services/identity/Cargo.lock
--- a/services/identity/Cargo.lock
+++ b/services/identity/Cargo.lock
@@ -694,6 +694,7 @@
  "futures-core",
  "opaque-ke",
  "prost",
+ "rand",
  "rusoto_core",
  "rusoto_dynamodb",
  "sha2",
diff --git a/services/identity/Cargo.toml b/services/identity/Cargo.toml
--- a/services/identity/Cargo.toml
+++ b/services/identity/Cargo.toml
@@ -20,6 +20,7 @@
 tracing = "0.1"
 tracing-subscriber = "0.3"
 chrono = "0.4.19"
+rand = "0.8"
 
 [build-dependencies]
 tonic-build = "0.6"
diff --git a/services/identity/src/token.rs b/services/identity/src/token.rs
--- a/services/identity/src/token.rs
+++ b/services/identity/src/token.rs
@@ -1,4 +1,8 @@
 use chrono::{DateTime, Utc};
+use rand::{
+  distributions::{Alphanumeric, DistString},
+  CryptoRng, Rng,
+};
 
 pub enum AuthType {
   Password,
@@ -13,3 +17,21 @@
   pub auth_type: AuthType,
   pub valid: bool,
 }
+
+impl AccessToken {
+  pub fn new(
+    user_id: String,
+    device_id: String,
+    auth_type: AuthType,
+    rng: &mut (impl Rng + CryptoRng),
+  ) -> Self {
+    AccessToken {
+      user_id: user_id,
+      device_id: device_id,
+      token: Alphanumeric.sample_string(rng, 512),
+      created: Utc::now(),
+      auth_type: auth_type,
+      valid: true,
+    }
+  }
+}