diff --git a/src/api/client/device.rs b/src/api/client/device.rs
index 581870f5..1ca3152d 100644
--- a/src/api/client/device.rs
+++ b/src/api/client/device.rs
@@ -97,7 +97,7 @@ pub(crate) async fn update_device_route(
 				.create_device(
 					sender_user,
 					&device_id,
-					(&appservice.registration.as_token, None),
+					(Some(&appservice.registration.as_token), None),
 					None,
 					None,
 					Some(client.to_string()),
diff --git a/src/api/client/register.rs b/src/api/client/register.rs
index 3f012180..1a54f565 100644
--- a/src/api/client/register.rs
+++ b/src/api/client/register.rs
@@ -446,7 +446,7 @@ pub(crate) async fn register_route(
 		.create_device(
 			&user_id,
 			&device_id,
-			(&access_token, expires_in),
+			(Some(&access_token), expires_in),
 			refresh_token.as_deref(),
 			body.initial_device_display_name.clone(),
 			Some(client.to_string()),
diff --git a/src/api/client/session/mod.rs b/src/api/client/session/mod.rs
index a158684a..edb0fe66 100644
--- a/src/api/client/session/mod.rs
+++ b/src/api/client/session/mod.rs
@@ -116,7 +116,7 @@ pub(crate) async fn login_route(
 			.create_device(
 				&user_id,
 				&device_id,
-				(&access_token, expires_in),
+				(Some(&access_token), expires_in),
 				refresh_token.as_deref(),
 				body.initial_device_display_name.clone(),
 				Some(client.to_string()),
diff --git a/src/service/users/device.rs b/src/service/users/device.rs
index 544902a5..3a7be477 100644
--- a/src/service/users/device.rs
+++ b/src/service/users/device.rs
@@ -24,12 +24,12 @@ pub const TOKEN_LENGTH: usize = 32;
 
 /// Adds a new device to a user.
 #[implement(super::Service)]
-#[tracing::instrument(level = "debug", skip(self))]
+#[tracing::instrument(level = "info", skip(self, access_token))]
 pub async fn create_device(
 	&self,
 	user_id: &UserId,
 	device_id: &DeviceId,
-	(access_token, expires_in): (&str, Option<Duration>),
+	(access_token, expires_in): (Option<&str>, Option<Duration>),
 	refresh_token: Option<&str>,
 	initial_device_display_name: Option<String>,
 	client_ip: Option<String>,
@@ -50,13 +50,18 @@ pub async fn create_device(
 
 	increment(&self.db.userid_devicelistversion, user_id.as_bytes());
 	self.db.userdeviceid_metadata.put(key, Json(val));
-	self.set_access_token(user_id, device_id, access_token, expires_in, refresh_token)
-		.await
+
+	if let Some(access_token) = access_token {
+		self.set_access_token(user_id, device_id, access_token, expires_in, refresh_token)
+			.await?;
+	}
+
+	Ok(())
 }
 
 /// Removes a device from a user.
 #[implement(super::Service)]
-#[tracing::instrument(level = "debug", skip(self))]
+#[tracing::instrument(level = "info", skip(self))]
 pub async fn remove_device(&self, user_id: &UserId, device_id: &DeviceId) {
 	// Remove access tokens
 	self.remove_tokens(user_id, device_id).await;
@@ -155,6 +160,11 @@ pub async fn set_access_token(
 	expires_in: Option<Duration>,
 	refresh_token: Option<&str>,
 ) -> Result {
+	assert!(
+		access_token.len() >= TOKEN_LENGTH,
+		"Caller must supply an access_token >= {TOKEN_LENGTH} chars."
+	);
+
 	if let Some(refresh_token) = refresh_token {
 		self.set_refresh_token(user_id, device_id, refresh_token)
 			.await?;