diff --git a/native/cpp/CommonCpp/grpc/protos/identity.proto b/native/cpp/CommonCpp/grpc/protos/identity.proto
--- a/native/cpp/CommonCpp/grpc/protos/identity.proto
+++ b/native/cpp/CommonCpp/grpc/protos/identity.proto
@@ -42,7 +42,7 @@
     // Answer sent to the user upon reception of the PAKE login attempt,
     // containing a sealed envelope with the user's private key (step 2)
     bytes pakeCredentialResponse = 1;
-    bytes token = 2;
+    string token = 2;
   }
 }
 
@@ -110,7 +110,7 @@
 message VerifyUserTokenRequest {
   string userID = 1;
   string deviceID = 2;
-  bytes token = 3;
+  string token = 3;
 }
 
 message VerifyUserTokenResponse {
diff --git a/services/identity/src/database.rs b/services/identity/src/database.rs
--- a/services/identity/src/database.rs
+++ b/services/identity/src/database.rs
@@ -288,7 +288,7 @@
     match auth_type.as_str() {
       "password" => Ok(AuthType::Password),
       "wallet" => Ok(AuthType::Wallet),
-      unsupported => Err(Error::InvalidAuthType),
+      _ => Err(Error::InvalidAuthType),
     }
   } else {
     Err(Error::MissingAttribute)
diff --git a/services/identity/src/service.rs b/services/identity/src/service.rs
--- a/services/identity/src/service.rs
+++ b/services/identity/src/service.rs
@@ -1,9 +1,11 @@
 use futures_core::Stream;
+use rusoto_core::RusotoError;
+use rusoto_dynamodb::GetItemError;
 use std::pin::Pin;
 use tonic::{Request, Response, Status};
 
-use crate::config::Config;
 use crate::database::DatabaseClient;
+use crate::{config::Config, database::Error};
 
 pub use proto::identity_service_server::IdentityServiceServer;
 use proto::{
@@ -53,7 +55,41 @@
     &self,
     request: Request<VerifyUserTokenRequest>,
   ) -> Result<Response<VerifyUserTokenResponse>, Status> {
-    println!("Got a lookup request: {:?}", request);
-    unimplemented!()
+    let message = request.into_inner();
+    let token_valid = match self
+      .client
+      .get_token(message.user_id, message.device_id)
+      .await
+    {
+      Ok(Some(access_token)) => access_token.token == message.token,
+      Ok(None) => false,
+      Err(Error::RusotoGet(RusotoError::Service(
+        GetItemError::ResourceNotFound(e),
+      ))) => {
+        return Err(Status::failed_precondition(format!(
+          "Database table or index not found: {}",
+          e
+        )))
+      }
+      Err(Error::RusotoGet(RusotoError::Credentials(e))) => {
+        return Err(Status::failed_precondition(format!(
+          "AWS credentials misconfigured: {}",
+          e
+        )))
+      }
+      Err(Error::RusotoGet(e)) => {
+        return Err(Status::unavailable(format!(
+          "Encountered a retryable error: {}",
+          e
+        )))
+      }
+      Err(e) => {
+        return Err(Status::failed_precondition(format!(
+          "Encountered an unexpected error: {}",
+          e
+        )))
+      }
+    };
+    Ok(Response::new(VerifyUserTokenResponse { token_valid }))
   }
 }