diff --git a/moto/cognitoidp/models.py b/moto/cognitoidp/models.py
index 478ceffb2..78025627a 100644
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@@ -108,7 +108,9 @@ class CognitoIdpUserPool(BaseModel):
 
         return user_pool_json
 
-    def create_jwt(self, client_id, username, expires_in=60 * 60, extra_data={}):
+    def create_jwt(
+        self, client_id, username, token_use, expires_in=60 * 60, extra_data={}
+    ):
         now = int(time.time())
         payload = {
             "iss": "https://cognito-idp.{}.amazonaws.com/{}".format(
@@ -116,7 +118,7 @@ class CognitoIdpUserPool(BaseModel):
             ),
             "sub": self.users[username].id,
             "aud": client_id,
-            "token_use": "id",
+            "token_use": token_use,
             "auth_time": now,
             "exp": now + expires_in,
         }
@@ -125,7 +127,7 @@ class CognitoIdpUserPool(BaseModel):
         return jws.sign(payload, self.json_web_key, algorithm="RS256"), expires_in
 
     def create_id_token(self, client_id, username):
-        id_token, expires_in = self.create_jwt(client_id, username)
+        id_token, expires_in = self.create_jwt(client_id, username, "id")
         self.id_tokens[id_token] = (client_id, username)
         return id_token, expires_in
 
@@ -137,7 +139,7 @@ class CognitoIdpUserPool(BaseModel):
     def create_access_token(self, client_id, username):
         extra_data = self.get_user_extra_data_by_client_id(client_id, username)
         access_token, expires_in = self.create_jwt(
-            client_id, username, extra_data=extra_data
+            client_id, username, "access", extra_data=extra_data
         )
         self.access_tokens[access_token] = (client_id, username)
         return access_token, expires_in
diff --git a/tests/test_cognitoidp/test_cognitoidp.py b/tests/test_cognitoidp/test_cognitoidp.py
index 7ac1038b0..79e6dbbb8 100644
--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
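Review bot: The new `token_use` argument is signed straight into the claim (the `"token_use": token_use` line in the next hunk) with nothing constraining it to the two values Cognito issues, and because it is inserted positionally ahead of `expires_in`, any caller outside this diff that still passes `expires_in` positionally would now emit that integer as the claim and silently fall back to the default expiry. A guard right after the new signature, before `now = int(time.time())`, catches both: `if token_use not in ("id", "access"):` followed by `raise ValueError("token_use must be 'id' or 'access', got {!r}".format(token_use))`. The rewrapped signature also carries over the mutable default `extra_data={}`; `extra_data=None` in the signature plus `extra_data = extra_data or {}` in the body is the usual replacement, provided nothing relies on the shared dict. The body of create_jwt runs past the end of this hunk and into the next one.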
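Review bot: The `"id"` passed here and the `"access"` passed in `create_access_token` in the next hunk are bare literals with no name tying them to each other or to what `create_jwt` accepts, so a typo in either caller would still produce a well-formed signed token and only surface wherever a consumer inspects the claim. Two module-level constants shared by both callers (for example `TOKEN_USE_ID = "id"` and `TOKEN_USE_ACCESS = "access"`, names suggested here) would keep the allowed set in one place and let any validation inside `create_jwt` refer to the same values. The enclosing class CognitoIdpUserPool continues outside this hunk.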
@@ -1142,11 +1142,13 @@ def test_token_legitimacy():
     id_claims = json.loads(jws.verify(id_token, json_web_key, "RS256"))
     id_claims["iss"].should.equal(issuer)
     id_claims["aud"].should.equal(client_id)
+    id_claims["token_use"].should.equal("id")
     access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256"))
     access_claims["iss"].should.equal(issuer)
     access_claims["aud"].should.equal(client_id)
     for k, v in outputs["additional_fields"].items():
         access_claims[k].should.equal(v)
+    access_claims["token_use"].should.equal("access")
 
 
 @mock_cognitoidp
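Review bot: The new `access_claims["token_use"].should.equal("access")` assertion is appended after the loop over `outputs["additional_fields"]`, so it reads as part of the extra-field checks and is never reached if that loop fails first. Placing it directly after `access_claims["aud"].should.equal(client_id)`, mirroring where the id-token assertion sits after its own `aud` check, keeps the fixed claims grouped and the two token checks symmetric. test_token_legitimacy begins before this hunk.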