diff --git a/athenz/src/main/java/com/linecorp/armeria/client/athenz/TokenClient.java b/athenz/src/main/java/com/linecorp/armeria/client/athenz/TokenClient.java
index 880a8df707b..8cab0fed0a8 100644
--- a/athenz/src/main/java/com/linecorp/armeria/client/athenz/TokenClient.java
+++ b/athenz/src/main/java/com/linecorp/armeria/client/athenz/TokenClient.java
@@ -16,10 +16,35 @@
 
 package com.linecorp.armeria.client.athenz;
 
+import static java.util.Objects.requireNonNull;
+
+import java.time.Duration;
+import java.util.List;
 import java.util.concurrent.CompletableFuture;
 
+import com.google.common.collect.ImmutableList;
+
+import com.linecorp.armeria.common.annotation.UnstableApi;
+import com.linecorp.armeria.common.athenz.TokenType;
+
+@UnstableApi
 @FunctionalInterface
-interface TokenClient {
+public interface TokenClient {
 
     CompletableFuture<String> getToken();
+
+    static TokenClient of(ZtsBaseClient ztsBaseClient, String domainName, List<String> roleNames,
+                          TokenType tokenType, Duration refreshBefore) {
+        requireNonNull(ztsBaseClient, "ztsBaseClient");
+        requireNonNull(domainName, "domainName");
+        requireNonNull(roleNames, "roleNames");
+        requireNonNull(tokenType, "tokenType");
+        requireNonNull(refreshBefore, "refreshBefore");
+        final ImmutableList<String> immutableRoleNames = ImmutableList.copyOf(roleNames);
+        if (tokenType.isRoleToken()) {
+            return new RoleTokenClient(ztsBaseClient, domainName, immutableRoleNames, refreshBefore);
+        } else {
+            return new AccessTokenClient(ztsBaseClient, domainName, immutableRoleNames, refreshBefore);
+        }
+    }
 }