diff --git a/FirebaseAuth/Sources/Swift/Auth/Auth.swift b/FirebaseAuth/Sources/Swift/Auth/Auth.swift
index 814588201a1..de22db9c955 100644
--- a/FirebaseAuth/Sources/Swift/Auth/Auth.swift
+++ b/FirebaseAuth/Sources/Swift/Auth/Auth.swift
@@ -2382,7 +2382,16 @@ extension Auth: AuthInterop {
   private let keychainServices: AuthKeychainServices
 
   /// The user access (ID) token used last time for posting auth state changed notification.
-  private var lastNotifiedUserToken: String?
+  ///
+  /// - Note: The atomic wrapper can be removed when the SDK is fully
+  /// synchronized with structured concurrency.
+  private var lastNotifiedUserToken: String? {
+    get { lastNotifiedUserTokenLock.withLock { _lastNotifiedUserToken } }
+    set { lastNotifiedUserTokenLock.withLock { _lastNotifiedUserToken = newValue } }
+  }
+
+  private var _lastNotifiedUserToken: String?
+  private var lastNotifiedUserTokenLock = NSLock()
 
   /// This flag denotes whether or not tokens should be automatically refreshed.
   /// Will only be set to `true` if the another Firebase service is included (additionally to
diff --git a/FirebaseAuth/Sources/Swift/SystemService/SecureTokenService.swift b/FirebaseAuth/Sources/Swift/SystemService/SecureTokenService.swift
index a24ce10aabc..a0cfa6faed0 100644
--- a/FirebaseAuth/Sources/Swift/SystemService/SecureTokenService.swift
+++ b/FirebaseAuth/Sources/Swift/SystemService/SecureTokenService.swift
@@ -125,8 +125,17 @@ class SecureTokenService: NSObject, NSSecureCoding {
   ///
   /// This method is specifically for providing the access token to internal clients during
   /// deserialization and sign-in events, and should not be used to retrieve the access token by
-  ///     anyone else.
-  var accessToken: String
+  /// anyone else.
+  ///
+  /// - Note: The atomic wrapper can be removed when the SDK is fully
+  /// synchronized with structured concurrency.
+  var accessToken: String {
+    get { accessTokenLock.withLock { _accessToken } }
+    set { accessTokenLock.withLock { _accessToken = newValue } }
+  }
+
+  private var _accessToken: String
+  private let accessTokenLock = NSLock()
 
   /// The refresh token for the user, or `nil` if the user has yet completed sign-in flow.
   ///
@@ -147,7 +156,7 @@ class SecureTokenService: NSObject, NSSecureCoding {
        refreshToken: String) {
     internalService = SecureTokenServiceInternal()
     self.requestConfiguration = requestConfiguration
-    self.accessToken = accessToken
+    _accessToken = accessToken
     self.accessTokenExpirationDate = accessTokenExpirationDate
     self.refreshToken = refreshToken
   }