diff --git a/src/access_tokens.ts b/src/access_tokens.ts
index 96d2ee5..ca21e9b 100644
--- a/src/access_tokens.ts
+++ b/src/access_tokens.ts
@@ -76,3 +76,21 @@ export class EncryptedAccessTokens implements AccessTokens {
     }
   }
 }
+
+export class AccessTokenPerAuthToken implements AccessTokens {
+  authTokenToAccessToken = new Map<string, string>();
+  accessTokenToAuthToken = new Map<string, string>();
+
+  mint = (authToken: string): string => {
+    if (this.authTokenToAccessToken.has(authToken)) {
+      return this.authTokenToAccessToken.get(authToken)!;
+    } else {
+      const accessToken = uuid();
+      this.authTokenToAccessToken.set(authToken, accessToken);
+      this.accessTokenToAuthToken.set(accessToken, authToken);
+      return accessToken;
+    }
+  };
+
+  authTokenFor = (value: string): string | undefined => this.accessTokenToAuthToken.get(value);
+}
diff --git a/src/server.ts b/src/server.ts
index 286e6cf..bf5e20c 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -13,9 +13,7 @@ import {
 import { LinkCodes, InMemoryLinkCodes } from "./link_codes";
 import { MusicService, isSuccess } from "./music_service";
 import bindSmapiSoapServiceToExpress from "./smapi";
-import { AccessTokens, EncryptedAccessTokens } from "./access_tokens";
-import encryption from "./encryption";
-import randomString from "./random_string";
+import { AccessTokens, AccessTokenPerAuthToken } from "./access_tokens";
 
 export const BONOB_ACCESS_TOKEN_HEADER = "bonob-access-token";
 
@@ -25,9 +23,7 @@ function server(
   webAddress: string | "http://localhost:4534",
   musicService: MusicService,
   linkCodes: LinkCodes = new InMemoryLinkCodes(),
-  accessTokens: AccessTokens = new EncryptedAccessTokens(
-    encryption(randomString())
-  )
+  accessTokens: AccessTokens = new AccessTokenPerAuthToken()
 ): Express {
   const app = express();
 
diff --git a/tests/access_tokens.test.ts b/tests/access_tokens.test.ts
index e160623..331b208 100644
--- a/tests/access_tokens.test.ts
+++ b/tests/access_tokens.test.ts
@@ -2,6 +2,7 @@ import { v4 as uuid } from "uuid";
 import dayjs from "dayjs";
 
 import {
+  AccessTokenPerAuthToken,
   EncryptedAccessTokens,
   ExpiringAccessTokens,
 } from "../src/access_tokens";
@@ -178,3 +179,33 @@ describe("EncryptedAccessTokens", () => {
     });
   });
 });
+
+describe("AccessTokenPerAuthToken", () => {
+  const accessTokens = new AccessTokenPerAuthToken();
+
+  it("should return the same access token for the same auth token", () => {
+    const authToken = "token1";
+    
+    const accessToken1 = accessTokens.mint(authToken);
+    const accessToken2 = accessTokens.mint(authToken);
+
+    expect(accessToken1).not.toEqual(authToken);
+    expect(accessToken1).toEqual(accessToken2);
+  });
+
+  describe("when there is an auth token for the access token", () => {
+    it("should be able to retrieve it", () => {
+      const authToken = uuid();
+      const accessToken = accessTokens.mint(authToken);
+
+      expect(accessTokens.authTokenFor(accessToken)).toEqual(authToken);
+    });
+  });
+
+  describe("when there is no auth token for the access token", () => {
+    it("should return undefined", () => {
+      expect(accessTokens.authTokenFor(uuid())).toBeUndefined();
+    });
+  });
+
+});