Access to digital content may be controlled by receiving a rights locker enrollment request from a user device associated with a user, where the rights locker enrollment request comprises a digital content request and enrollment authentication data. A determination of whether the user is authorized comprises determining the rights of the user to access the rights locker and the rights of the user to digital content specified by the digital content request. If the user is authorized, the rights locker is initialized with rights to the digital content. If a first token used to create the authenticated rights locker access request has been fully redeemed, a new token that authenticates future access to a rights locker corresponding to the digital content is obtained. An authenticated rights locker access request that is based at least in part on the new token is created and then sent.