diff --git a/services/identity/src/service.rs b/services/identity/src/service.rs
--- a/services/identity/src/service.rs
+++ b/services/identity/src/service.rs
@@ -81,8 +81,12 @@
   ) -> Result<Response<Self::LoginUserStream>, Status> {
     let mut in_stream = request.into_inner();
     let (tx, rx) = mpsc::channel(1);
+    let config = self.config.clone();
     let client = self.client.clone();
     tokio::spawn(async move {
+      let mut user_id: String = "".to_string();
+      let mut device_id: String = "".to_string();
+      let mut server_login: Option<ServerLogin<Cipher>> = None;
       let mut num_messages_received = 0;
       while let Some(message) = in_stream.next().await {
         match message {
@@ -106,7 +110,84 @@
                   }
                   break;
                 }
-                PakeLoginRequest(_) => unimplemented!(),
+                PakeLoginRequest(req) => {
+                  if let Some(data) = req.data {
+                    match data {
+                      PakeCredentialRequestAndUserId(
+                        pake_credential_request_and_user_id,
+                      ) => {
+                        if let Err(e) = tx
+                          .send(
+                            pake_login_start(
+                              config.clone(),
+                              client.clone(),
+                              &pake_credential_request_and_user_id.user_id,
+                              &pake_credential_request_and_user_id
+                                .pake_credential_request,
+                              &mut server_login,
+                              num_messages_received,
+                              PakeWorkflow::Login,
+                            )
+                            .await
+                            .map(
+                              |pake_login_response| LoginResponse {
+                                data: Some(PakeLoginResponse(
+                                  pake_login_response,
+                                )),
+                              },
+                            ),
+                          )
+                          .await
+                        {
+                          error!("Response was dropped: {}", e);
+                          break;
+                        }
+                        user_id = pake_credential_request_and_user_id.user_id;
+                        device_id =
+                          pake_credential_request_and_user_id.device_id;
+                      }
+                      PakeCredentialFinalization(
+                        pake_credential_finalization,
+                      ) => {
+                        if let Err(e) = tx
+                          .send(
+                            pake_login_finish(
+                              &user_id,
+                              &device_id,
+                              client,
+                              server_login,
+                              &pake_credential_finalization,
+                              &mut OsRng,
+                              num_messages_received,
+                              PakeWorkflow::Login,
+                            )
+                            .await
+                            .map(
+                              |pake_login_response| LoginResponse {
+                                data: Some(PakeLoginResponse(
+                                  pake_login_response,
+                                )),
+                              },
+                            ),
+                          )
+                          .await
+                        {
+                          error!("Response was dropped: {}", e);
+                        }
+                        break;
+                      }
+                    }
+                  } else {
+                    error!("Received empty PAKE login request");
+                    if let Err(e) = tx
+                      .send(Err(Status::invalid_argument("invalid message")))
+                      .await
+                    {
+                      error!("Response was dropped: {}", e);
+                    }
+                    break;
+                  }
+                }
               }
             } else {
               error!("Received empty login request");