diff --git a/src/libs/crypto/index.ts b/src/libs/crypto/index.ts
index 71c67fe..ee63012 100644
--- a/src/libs/crypto/index.ts
+++ b/src/libs/crypto/index.ts
@@ -6,7 +6,8 @@ import { HDNode } from "@ethersproject/hdnode";
 import * as didJwt from "did-jwt";
 import * as u8a from "uint8arrays";
 
-import { ENDORSER_JWT_URL_LOCATION } from "@/libs/endorserServer";
+import { Account } from "@/db/tables/accounts";
+import { createEndorserJwt, ENDORSER_JWT_URL_LOCATION } from "@/libs/endorserServer";
 import { DEFAULT_DID_PROVIDER_NAME } from "../veramo/setup";
 
 export const DEFAULT_ROOT_DERIVATION_PATH = "m/84737769'/0'/0'/0'";
@@ -88,23 +89,35 @@ export const generateSeed = (): string => {
  * @param {IIdentifier} identifier
  * @return {*}
  */
-export const accessToken = async (identifier: IIdentifier) => {
-  const did: string = identifier.did;
-  const privateKeyHex: string = identifier.keys[0].privateKeyHex as string;
-
-  const signer = SimpleSigner(privateKeyHex);
-
-  const nowEpoch = Math.floor(Date.now() / 1000);
-  const endEpoch = nowEpoch + 60; // add one minute
-
-  const tokenPayload = { exp: endEpoch, iat: nowEpoch, iss: did };
-  const alg = undefined; // defaults to 'ES256K', more standardized but harder to verify vs ES256K-R
-  const jwt: string = await didJwt.createJWT(tokenPayload, {
-    alg,
-    issuer: did,
-    signer,
-  });
-  return jwt;
+export const accessToken = async (
+  identifier: IIdentifier | undefined,
+  did?: string,
+) => {
+  if (did) {
+    const nowEpoch = Math.floor(Date.now() / 1000);
+    const endEpoch = nowEpoch + 60; // add one minute
+    const tokenPayload = { exp: endEpoch, iat: nowEpoch, iss: did };
+    return createEndorserJwt(did, tokenPayload);
+  } else {
+    // deprecated
+    // must have identifier
+    const did = identifier?.did;
+    const privateKeyHex: string = identifier?.keys[0].privateKeyHex as string;
+
+    const signer = SimpleSigner(privateKeyHex);
+
+    const nowEpoch = Math.floor(Date.now() / 1000);
+    const endEpoch = nowEpoch + 60; // add one minute
+
+    const tokenPayload = { exp: endEpoch, iat: nowEpoch, iss: did };
+    const alg = undefined; // defaults to 'ES256K', more standardized but harder to verify vs ES256K-R
+    const jwt: string = await didJwt.createJWT(tokenPayload, {
+      alg,
+      issuer: did || "no DID set",
+      signer,
+    });
+    return jwt;
+  }
 };
 
 export const sign = async (privateKeyHex: string) => {
diff --git a/src/libs/crypto/passkeyHelpers.ts b/src/libs/crypto/passkeyHelpers.ts
index 5e3daab..59f6b98 100644
--- a/src/libs/crypto/passkeyHelpers.ts
+++ b/src/libs/crypto/passkeyHelpers.ts
@@ -88,7 +88,7 @@ export function getWebCrypto(): Promise<{ subtle: SubtleCrypto }> {
   );
   return toResolve;
 }
-export class MissingWebCrypto extends Error {
+class MissingWebCrypto extends Error {
   constructor() {
     const message = "An instance of the Crypto API could not be located";
     super(message);
@@ -96,7 +96,7 @@ export class MissingWebCrypto extends Error {
   }
 }
 // Make it possible to stub return values during testing
-export const _getWebCryptoInternals = {
+const _getWebCryptoInternals = {
   stubThisGlobalThisCrypto: () => globalThis.crypto,
   // Make it possible to reset the `webCrypto` at the top of the file
   setCachedCrypto: (newCrypto: { subtle: SubtleCrypto }) => {
diff --git a/src/libs/didPeer.ts b/src/libs/didPeer.ts
index 7a90c80..acc0fbf 100644
--- a/src/libs/didPeer.ts
+++ b/src/libs/didPeer.ts
@@ -117,13 +117,17 @@ export class PeerSetup {
     issuerDid: string,
     payload: object,
     credIdHex: string,
+    expMinutes: number = 1,
   ) {
     const credentialId = arrayBufferToBase64URLString(
       Buffer.from(credIdHex, "hex").buffer,
     );
+    const issuedAt = Math.floor(Date.now() / 1000);
+    const expiryTime = Math.floor(Date.now() / 1000) + expMinutes * 60; // some minutes from now
     const fullPayload = {
       ...payload,
-      iat: Math.floor(Date.now() / 1000),
+      exp: expiryTime,
+      iat: issuedAt,
       iss: issuerDid,
     };
     this.challenge = new Uint8Array(Buffer.from(JSON.stringify(fullPayload)));
@@ -159,7 +163,8 @@ export class PeerSetup {
     const dataInJwt = {
       AuthenticationDataB64URL: authenticatorDataBase64Url,
       ClientDataJSONB64URL: this.clientDataJsonBase64Url,
-      iat: Math.floor(Date.now() / 1000),
+      exp: expiryTime,
+      iat: issuedAt,
       iss: issuerDid,
     };
     const dataInJwtString = JSON.stringify(dataInJwt);
@@ -178,10 +183,14 @@ export class PeerSetup {
     issuerDid: string,
     payload: object,
     credIdHex: string,
+    expMinutes: number = 1,
   ) {
+    const issuedAt = Math.floor(Date.now() / 1000);
+    const expiryTime = Math.floor(Date.now() / 1000) + expMinutes * 60; // some minutes from now
     const fullPayload = {
       ...payload,
-      iat: Math.floor(Date.now() / 1000),
+      exp: expiryTime,
+      iat: issuedAt,
       iss: issuerDid,
     };
     const dataToSignString = JSON.stringify(fullPayload);
@@ -227,7 +236,8 @@ export class PeerSetup {
     const dataInJwt = {
       AuthenticationDataB64URL: authenticatorDataBase64Url,
       ClientDataJSONB64URL: this.clientDataJsonBase64Url,
-      iat: Math.floor(Date.now() / 1000),
+      exp: expiryTime,
+      iat: issuedAt,
       iss: issuerDid,
     };
     const dataInJwtString = JSON.stringify(dataInJwt);
@@ -308,6 +318,16 @@ export class PeerSetup {
   // }
 }
 
+export async function createDidPeerJwt(
+  did: string,
+  credIdHex: string,
+  payload: object,
+): Promise<string> {
+  const peerSetup = new PeerSetup();
+  const jwt = await peerSetup.createJwtNavigator(did, payload, credIdHex);
+  return jwt;
+}
+
 // I'd love to use this but it doesn't verify.
 // Requires:
 // npm install @noble/curves
@@ -380,6 +400,7 @@ export async function verifyJwtSimplewebauthn(
   return verification.verified;
 }
 
+// similar code is in endorser-ch util-crypto.ts verifyPeerSignature
 export async function verifyJwtWebCrypto(
   credId: Base64URLString,
   issuerDid: string,
diff --git a/src/libs/endorserServer.ts b/src/libs/endorserServer.ts
index 835fe5d..e4894ac 100644
--- a/src/libs/endorserServer.ts
+++ b/src/libs/endorserServer.ts
@@ -2,7 +2,6 @@ import {
   Axios,
   AxiosRequestConfig,
   AxiosResponse,
-  RawAxiosRequestHeaders,
 } from "axios";
 import * as didJwt from "did-jwt";
 import { LRUCache } from "lru-cache";
@@ -13,7 +12,8 @@ import { DEFAULT_IMAGE_API_SERVER } from "@/constants/app";
 import { Contact } from "@/db/tables/contacts";
 import { accessToken, SimpleSigner } from "@/libs/crypto";
 import { NonsensitiveDexie } from "@/db/index";
-import { getIdentity } from "@/libs/util";
+import { createDidPeerJwt } from "@/libs/didPeer";
+import { getAccount, getIdentity } from "@/libs/util";
 
 export const SCHEMA_ORG_CONTEXT = "https://schema.org";
 // the object in RegisterAction claims
@@ -160,7 +160,7 @@ export interface OfferVerifiableCredential {
 // Note that previous VCs may have additional fields.
 // https://endorser.ch/doc/html/transactions.html#id7
 export interface PlanVerifiableCredential {
-  "@context": SCHEMA_ORG_CONTEXT;
+  "@context": "https://schema.org";
   "@type": "PlanAction";
   name: string;
   agent?: { identifier: string };
@@ -453,28 +453,30 @@ export function didInfo(
   return didInfoForContact(did, activeDid, contact, allMyDids).displayName;
 }
 
-async function getHeaders(identity: IIdentifier | null) {
-  const headers: RawAxiosRequestHeaders = {
+export async function getHeaders(did?: string) {
+  const headers: { "Content-Type": string; Authorization?: string } = {
     "Content-Type": "application/json",
   };
-  if (identity) {
-    const token = await accessToken(identity);
+  if (did) {
+    const token = await accessToken(undefined, did);
     headers["Authorization"] = "Bearer " + token;
+  } else {
+    // it's often OK to request without auth; we assume necessary checks are done earlier
   }
   return headers;
 }
 
 /**
  * @param handleId nullable, in which case "undefined" will be returned
- * @param identity nullable, in which case no private info will be returned
+ * @param requesterDid optional, in which case no private info will be returned
  * @param axios
  * @param apiServer
  */
 export async function getPlanFromCache(
   handleId: string | null,
-  identity: IIdentifier | null,
   axios: Axios,
   apiServer: string,
+  requesterDid?: string,
 ): Promise<PlanSummaryRecord | undefined> {
   if (!handleId) {
     return undefined;
@@ -485,7 +487,7 @@ export async function getPlanFromCache(
       apiServer +
       "/api/v2/report/plans?handleId=" +
       encodeURIComponent(handleId);
-    const headers = await getHeaders(identity);
+    const headers = await getHeaders(requesterDid);
     try {
       const resp = await axios.get(url, { headers });
       if (resp.status === 200 && resp.data?.data?.length > 0) {
@@ -944,18 +946,34 @@ export const bvcMeetingJoinClaim = (did: string, startTime: string) => {
   };
 };
 
+export async function createEndorserJwt(did: string, payload: object) {
+  const account = await getAccount(did);
+  if (account.identity) {
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    const identity = JSON.parse(account.identity!);
+    const privateKeyHex = identity.keys[0].privateKeyHex;
+    const signer = await SimpleSigner(privateKeyHex);
+    return didJwt.createJWT(payload, {
+      issuer: did,
+      signer: signer,
+    });
+  } else if (account.passkeyCredIdHex) {
+    return createDidPeerJwt(did, account.passkeyCredIdHex, payload);
+  } else {
+    throw new Error("No identity data found to sign for DID " + did);
+  }
+}
+
 export async function register(
   activeDid: string,
   apiServer: string,
   axios: Axios,
   contact: Contact,
 ) {
-  const identity = await getIdentity(activeDid);
-
   const vcClaim: RegisterVerifiableCredential = {
     "@context": SCHEMA_ORG_CONTEXT,
     "@type": "RegisterAction",
-    agent: { identifier: identity.did },
+    agent: { identifier: activeDid },
     object: SERVICE_ID,
     participant: { identifier: contact.did },
   };
@@ -968,26 +986,10 @@ export async function register(
     },
   };
   // Create a signature using private key of identity
-  if (identity.keys[0].privateKeyHex == null) {
-    return { error: "Private key not found." };
-  }
-  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-  const privateKeyHex: string = identity.keys[0].privateKeyHex!;
-  const signer = await SimpleSigner(privateKeyHex);
-  const alg = undefined;
-  // Create a JWT for the request
-  const vcJwt: string = await didJwt.createJWT(vcPayload, {
-    alg: alg,
-    issuer: identity.did,
-    signer: signer,
-  });
-
-  // Make the xhr request payload
-  const payload = JSON.stringify({ jwtEncoded: vcJwt });
-  const url = apiServer + "/api/v2/claim";
-  const headers = await getHeaders(identity);
+  const vcJwt = await createEndorserJwt(activeDid, vcPayload);
 
-  const resp = await axios.post(url, payload, { headers });
+  const url = apiServer + "/api/v2/claim";
+  const resp = await axios.post(url, { jwtEncoded: vcJwt });
   if (resp.data?.success?.handleId) {
     return { success: true };
   } else if (resp.data?.success?.embeddedRecordError) {
@@ -1017,7 +1019,7 @@ export async function setVisibilityUtil(
   const url =
     apiServer + "/api/report/" + (visibility ? "canSeeMe" : "cannotSeeMe");
   const identity = await getIdentity(activeDid);
-  const headers = await getHeaders(identity);
+  const headers = await getHeaders(identity.did);
   const payload = JSON.stringify({ did: contact.did });
 
   try {
@@ -1052,10 +1054,10 @@ export async function setVisibilityUtil(
 export async function fetchEndorserRateLimits(
   apiServer: string,
   axios: Axios,
-  identity: IIdentifier,
+  did: string,
 ) {
   const url = `${apiServer}/api/report/rateLimits`;
-  const headers = await getHeaders(identity);
+  const headers = await getHeaders(did);
   return await axios.get(url, { headers } as AxiosRequestConfig);
 }
 
@@ -1070,9 +1072,9 @@ export async function fetchEndorserRateLimits(
 export async function fetchImageRateLimits(
   apiServer: string,
   axios: Axios,
-  identity: IIdentifier,
+  did: string,
 ) {
   const url = DEFAULT_IMAGE_API_SERVER + "/image-limits";
-  const headers = await getHeaders(identity);
+  const headers = await getHeaders(did);
   return await axios.get(url, { headers } as AxiosRequestConfig);
 }
diff --git a/src/libs/util.ts b/src/libs/util.ts
index e4bb9f9..54dd626 100644
--- a/src/libs/util.ts
+++ b/src/libs/util.ts
@@ -196,12 +196,17 @@ export function findAllVisibleToDids(
  *
  **/
 
-export const getIdentity = async (activeDid: string): Promise<IIdentifier> => {
+export const getAccount = async (activeDid: string): Promise<Account> => {
   await accountsDB.open();
   const account = (await accountsDB.accounts
     .where("did")
     .equals(activeDid)
     .first()) as Account;
+  return account;
+};
+
+export const getIdentity = async (activeDid: string): Promise<IIdentifier> => {
+  const account = await getAccount(activeDid);
   const identity = JSON.parse(account?.identity || "null");
 
   if (!identity) {
diff --git a/src/views/AccountViewView.vue b/src/views/AccountViewView.vue
index 98fbf5b..60e046f 100644
--- a/src/views/AccountViewView.vue
+++ b/src/views/AccountViewView.vue
@@ -807,32 +807,6 @@ export default class AccountViewView extends Vue {
     }
   }
 
-  /**
-   * Asynchronously retrieves headers for HTTP requests.
-   *
-   * @param {IIdentifier} identity - The identity object for which to generate the headers.
-   * @returns {Promise<Record<string,string>>} A Promise that resolves to an object containing the headers.
-   *
-   * @throws Will throw an error if unable to generate an access token.
-   */
-  public async getHeaders(
-    identity: IIdentifier,
-  ): Promise<Record<string, string>> {
-    try {
-      const token = await accessToken(identity);
-
-      const headers: Record<string, string> = {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`,
-      };
-
-      return headers;
-    } catch (error) {
-      console.error("Failed to get headers:", error);
-      return Promise.reject(error);
-    }
-  }
-
   // call fn, copy text to the clipboard, then redo fn after 2 seconds
   doCopyTwoSecRedo(text: string, fn: () => void) {
     fn();
@@ -884,7 +858,7 @@ export default class AccountViewView extends Vue {
       this.publicHex = identity.keys[0].publicKeyHex;
       this.publicBase64 = Buffer.from(this.publicHex, "hex").toString("base64");
       this.derivationPath = identity.keys[0].meta?.derivationPath as string;
-      this.checkLimitsFor(identity);
+      this.checkLimitsFor(this.activeDid);
     } else {
       // Handle the case where any of these are null or undefined
     }
@@ -1238,9 +1212,8 @@ export default class AccountViewView extends Vue {
   }
 
   async checkLimits() {
-    const identity = await this.getIdentity(this.activeDid);
-    if (identity) {
-      this.checkLimitsFor(identity);
+    if (this.activeDid) {
+      this.checkLimitsFor(this.activeDid);
     } else {
       this.limitsMessage =
         "You have no identifier, or your data has been corrupted.";
@@ -1252,7 +1225,7 @@ export default class AccountViewView extends Vue {
    *
    * Updates component state variables `limits`, `limitsMessage`, and `loadingLimits`.
    */
-  public async checkLimitsFor(identity: IIdentifier) {
+  public async checkLimitsFor(did: string) {
     this.loadingLimits = true;
     this.limitsMessage = "";
 
@@ -1260,7 +1233,7 @@ export default class AccountViewView extends Vue {
       const resp = await fetchEndorserRateLimits(
         this.apiServer,
         this.axios,
-        identity,
+        did,
       );
       if (resp.status === 200) {
         this.endorserLimits = resp.data;
@@ -1288,7 +1261,7 @@ export default class AccountViewView extends Vue {
         const imageResp = await fetchImageRateLimits(
           this.apiServer,
           this.axios,
-          identity,
+          did,
         );
         if (imageResp.status === 200) {
           this.imageLimits = imageResp.data;
diff --git a/src/views/ClaimAddRawView.vue b/src/views/ClaimAddRawView.vue
index 4655d14..57c98d7 100644
--- a/src/views/ClaimAddRawView.vue
+++ b/src/views/ClaimAddRawView.vue
@@ -29,7 +29,6 @@
 </template>
 
 <script lang="ts">
-import { RawAxiosRequestHeaders } from "axios";
 import { IIdentifier } from "@veramo/core";
 import { Component, Vue } from "vue-facing-decorator";
 
@@ -37,7 +36,6 @@ import GiftedDialog from "@/components/GiftedDialog.vue";
 import { NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import * as serverUtil from "@/libs/endorserServer";
 import QuickNav from "@/components/QuickNav.vue";
 import { Account } from "@/db/tables/accounts";
@@ -82,18 +80,6 @@ export default class ClaimAddRawView extends Vue {
     return identity;
   }
 
-  public async getHeaders(identity: IIdentifier) {
-    const headers: RawAxiosRequestHeaders = {
-      "Content-Type": "application/json",
-    };
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
-    return headers;
-  }
-
-  // similar code is found in ProjectViewView
   async submitClaim() {
     const fullClaim = JSON.parse(this.claimStr);
     const result = await serverUtil.createAndSubmitClaim(
diff --git a/src/views/ClaimView.vue b/src/views/ClaimView.vue
index a92ff4d..9c95c72 100644
--- a/src/views/ClaimView.vue
+++ b/src/views/ClaimView.vue
@@ -407,7 +407,7 @@
 </template>
 
 <script lang="ts">
-import { AxiosError, RawAxiosRequestHeaders } from "axios";
+import { AxiosError } from "axios";
 import * as yaml from "js-yaml";
 import * as R from "ramda";
 import { IIdentifier } from "@veramo/core";
@@ -419,7 +419,6 @@ import { NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import * as serverUtil from "@/libs/endorserServer";
 import * as libsUtil from "@/libs/util";
 import QuickNav from "@/components/QuickNav.vue";
@@ -432,7 +431,6 @@ import { GiverReceiverInputInfo } from "@/libs/endorserServer";
 export default class ClaimView extends Vue {
   $notify!: (notification: NotificationIface, timeout?: number) => void;
 
-  accountIdentityStr: string = "null";
   activeDid = "";
   allMyDids: Array<string> = [];
   allContacts: Array<Contact> = [];
@@ -485,15 +483,12 @@ export default class ClaimView extends Vue {
     const accounts = accountsDB.accounts;
     const accountsArr: Array<Account> = await accounts?.toArray();
     this.allMyDids = accountsArr.map((acc) => acc.did);
-    const account = accountsArr.find((acc) => acc.did === this.activeDid);
-    this.accountIdentityStr = (account?.identity as string) || "null";
-    const identity = JSON.parse(this.accountIdentityStr);
 
     const pathParam = window.location.pathname.substring("/claim/".length);
     let claimId;
     if (pathParam) {
       claimId = decodeURIComponent(pathParam);
-      await this.loadClaim(claimId, identity);
+      await this.loadClaim(claimId, this.activeDid);
     } else {
       this.$notify(
         {
@@ -543,17 +538,6 @@ export default class ClaimView extends Vue {
     return identity;
   }
 
-  public async getHeaders(identity: IIdentifier) {
-    const headers: RawAxiosRequestHeaders = {
-      "Content-Type": "application/json",
-    };
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
-    return headers;
-  }
-
   // Isn't there a better way to make this available to the template?
   didInfo(did: string) {
     return serverUtil.didInfo(
@@ -564,12 +548,12 @@ export default class ClaimView extends Vue {
     );
   }
 
-  async loadClaim(claimId: string, identity: IIdentifier) {
+  async loadClaim(claimId: string, userDid: string) {
     const urlPath = libsUtil.isGlobalUri(claimId)
       ? "/api/claim/byHandle/"
       : "/api/claim/";
     const url = this.apiServer + urlPath + encodeURIComponent(claimId);
-    const headers = await this.getHeaders(identity);
+    const headers = await serverUtil.getHeaders(userDid);
 
     try {
       const resp = await this.axios.get(url, { headers });
@@ -601,7 +585,7 @@ export default class ClaimView extends Vue {
           this.apiServer +
           "/api/v2/report/gives?handleId=" +
           encodeURIComponent(this.veriClaim.handleId as string);
-        const giveHeaders = await this.getHeaders(identity);
+        const giveHeaders = await serverUtil.getHeaders(userDid);
         const giveResp = await this.axios.get(giveUrl, {
           headers: giveHeaders,
         });
@@ -615,7 +599,7 @@ export default class ClaimView extends Vue {
           this.apiServer +
           "/api/v2/report/offers?handleId=" +
           encodeURIComponent(this.veriClaim.handleId as string);
-        const offerHeaders = await this.getHeaders(identity);
+        const offerHeaders = await serverUtil.getHeaders(userDid);
         const offerResp = await this.axios.get(offerUrl, {
           headers: offerHeaders,
         });
@@ -631,7 +615,7 @@ export default class ClaimView extends Vue {
         this.apiServer +
         "/api/report/issuersWhoClaimedOrConfirmed?claimId=" +
         encodeURIComponent(serverUtil.stripEndorserPrefix(claimId));
-      const confirmHeaders = await this.getHeaders(identity);
+      const confirmHeaders = await serverUtil.getHeaders(userDid);
       const response = await this.axios.get(confirmUrl, {
         headers: confirmHeaders,
       });
@@ -673,15 +657,9 @@ export default class ClaimView extends Vue {
   }
 
   async showFullClaim(claimId: string) {
-    await accountsDB.open();
-    const accounts = accountsDB.accounts;
-    const accountsArr: Account[] = await accounts?.toArray();
-    const account = accountsArr.find((acc) => acc.did === this.activeDid);
-    const identity = JSON.parse((account?.identity as string) || "null");
-
     const url =
       this.apiServer + "/api/claim/full/" + encodeURIComponent(claimId);
-    const headers = await this.getHeaders(identity);
+    const headers = await serverUtil.getHeaders(this.activeDid);
 
     try {
       const resp = await this.axios.get(url, { headers });
@@ -794,7 +772,7 @@ export default class ClaimView extends Vue {
     };
     this.$router.push(route).then(async () => {
       this.resetThisValues();
-      await this.loadClaim(claimId, JSON.parse(this.accountIdentityStr));
+      await this.loadClaim(claimId, this.activeDid);
     });
   }
 
diff --git a/src/views/ConfirmGiftView.vue b/src/views/ConfirmGiftView.vue
index 4ef5987..7332ce3 100644
--- a/src/views/ConfirmGiftView.vue
+++ b/src/views/ConfirmGiftView.vue
@@ -420,7 +420,6 @@ import { isGiveAction } from "@/libs/util";
 export default class ClaimView extends Vue {
   $notify!: (notification: NotificationIface, timeout?: number) => void;
 
-  accountIdentityStr: string = "null";
   activeDid = "";
   allMyDids: Array<string> = [];
   allContacts: Array<Contact> = [];
@@ -471,9 +470,6 @@ export default class ClaimView extends Vue {
     const accounts = accountsDB.accounts;
     const accountsArr: Array<Account> = await accounts?.toArray();
     this.allMyDids = accountsArr.map((acc) => acc.did);
-    const account = accountsArr.find((acc) => acc.did === this.activeDid);
-    this.accountIdentityStr = (account?.identity as string) || "null";
-    const identity = JSON.parse(this.accountIdentityStr);
 
     const pathParam = window.location.pathname.substring(
       "/confirm-gift/".length,
@@ -481,7 +477,7 @@ export default class ClaimView extends Vue {
     let claimId;
     if (pathParam) {
       claimId = decodeURIComponent(pathParam);
-      await this.loadClaim(claimId, identity);
+      await this.loadClaim(claimId, this.activeDid);
     } else {
       this.$notify(
         {
@@ -546,17 +542,6 @@ export default class ClaimView extends Vue {
     return identity;
   }
 
-  public async getHeaders(identity: IIdentifier) {
-    const headers: RawAxiosRequestHeaders = {
-      "Content-Type": "application/json",
-    };
-    if (identity) {
-      const token = await accessToken(identity);
-      headers["Authorization"] = "Bearer " + token;
-    }
-    return headers;
-  }
-
   // Isn't there a better way to make this available to the template?
   didInfo(did: string | undefined) {
     return serverUtil.didInfo(
@@ -567,14 +552,14 @@ export default class ClaimView extends Vue {
     );
   }
 
-  async loadClaim(claimId: string, identity: IIdentifier) {
+  async loadClaim(claimId: string, userDid: string) {
     const urlPath = libsUtil.isGlobalUri(claimId)
       ? "/api/claim/byHandle/"
       : "/api/claim/";
     const url = this.apiServer + urlPath + encodeURIComponent(claimId);
 
     try {
-      const headers = await this.getHeaders(identity);
+      const headers = await serverUtil.getHeaders(userDid);
       const resp = await this.axios.get(url, { headers });
       // resp.data is:
       // - a Jwt from https://api.endorser.ch/api-docs/
@@ -614,7 +599,7 @@ export default class ClaimView extends Vue {
         this.apiServer +
         "/api/v2/report/gives?handleId=" +
         encodeURIComponent(this.veriClaim.handleId as string);
-      const giveHeaders = await this.getHeaders(identity);
+      const giveHeaders = await serverUtil.getHeaders(userDid);
       const giveResp = await this.axios.get(giveUrl, {
         headers: giveHeaders,
       });
@@ -685,7 +670,7 @@ export default class ClaimView extends Vue {
         this.apiServer +
         "/api/report/issuersWhoClaimedOrConfirmed?claimId=" +
         encodeURIComponent(serverUtil.stripEndorserPrefix(claimId));
-      const confirmHeaders = await this.getHeaders(identity);
+      const confirmHeaders = await serverUtil.getHeaders(userDid);
       const response = await this.axios.get(confirmUrl, {
         headers: confirmHeaders,
       });
@@ -794,7 +779,7 @@ export default class ClaimView extends Vue {
     };
     this.$router.push(route).then(async () => {
       this.resetThisValues();
-      await this.loadClaim(claimId, JSON.parse(this.accountIdentityStr));
+      await this.loadClaim(claimId, this.activeDid);
     });
   }
 
diff --git a/src/views/ContactAmountsView.vue b/src/views/ContactAmountsView.vue
index bd66fd6..f4ff1fb 100644
--- a/src/views/ContactAmountsView.vue
+++ b/src/views/ContactAmountsView.vue
@@ -120,6 +120,7 @@ import { accessToken, SimpleSigner } from "@/libs/crypto";
 import {
   AgreeVerifiableCredential,
   displayAmount,
+  getHeaders,
   GiveSummaryRecord,
   GiveVerifiableCredential,
   SCHEMA_ORG_CONTEXT,
@@ -148,7 +149,7 @@ export default class ContactAmountssView extends Vue {
       .where("did")
       .equals(activeDid)
       .first();
-    const identity = JSON.parse(account?.identity || "null");
+    const identity = JSON.parse((account?.identity as string) || "null");
 
     if (!identity) {
       throw new Error(
@@ -158,15 +159,6 @@ export default class ContactAmountssView extends Vue {
     return identity;
   }
 
-  public async getHeaders(identity: IIdentifier) {
-    const token = await accessToken(identity);
-    const headers = {
-      "Content-Type": "application/json",
-      Authorization: "Bearer " + token,
-    };
-    return headers;
-  }
-
   async created() {
     try {
       await db.open();
@@ -174,8 +166,8 @@ export default class ContactAmountssView extends Vue {
       this.contact = (await db.contacts.get(contactDid)) || null;
 
       const settings = await db.settings.get(MASTER_SETTINGS_KEY);
-      this.activeDid = settings?.activeDid || "";
-      this.apiServer = settings?.apiServer || "";
+      this.activeDid = (settings?.activeDid as string) || "";
+      this.apiServer = (settings?.apiServer as string) || "";
 
       if (this.activeDid && this.contact) {
         this.loadGives(this.activeDid, this.contact);
@@ -207,7 +199,7 @@ export default class ContactAmountssView extends Vue {
         encodeURIComponent(identity.did) +
         "&recipientDid=" +
         encodeURIComponent(contact.did);
-      const headers = await this.getHeaders(identity);
+      const headers = await getHeaders(activeDid);
       const resp = await this.axios.get(url, { headers });
       if (resp.status === 200) {
         result = resp.data.data;
@@ -234,7 +226,7 @@ export default class ContactAmountssView extends Vue {
         encodeURIComponent(contact.did) +
         "&recipientDid=" +
         encodeURIComponent(identity.did);
-      const headers2 = await this.getHeaders(identity);
+      const headers2 = await getHeaders(activeDid);
       const resp2 = await this.axios.get(url2, { headers: headers2 });
       if (resp2.status === 200) {
         result = R.concat(result, resp2.data.data);
diff --git a/src/views/ContactGiftingView.vue b/src/views/ContactGiftingView.vue
index ac83472..cb34a37 100644
--- a/src/views/ContactGiftingView.vue
+++ b/src/views/ContactGiftingView.vue
@@ -72,17 +72,15 @@
 
 <script lang="ts">
 import { Component, Vue } from "vue-facing-decorator";
-import { IIdentifier } from "@veramo/core";
 
 import GiftedDialog from "@/components/GiftedDialog.vue";
 import QuickNav from "@/components/QuickNav.vue";
 import EntityIcon from "@/components/EntityIcon.vue";
 import { NotificationIface } from "@/constants/app";
 import { db, accountsDB } from "@/db/index";
-import { Account, AccountsSchema } from "@/db/tables/accounts";
+import { AccountsSchema } from "@/db/tables/accounts";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import { GiverReceiverInputInfo } from "@/libs/endorserServer";
 
 @Component({
@@ -134,32 +132,7 @@ export default class ContactGiftingView extends Vue {
     }
   }
 
-  public async getIdentity(activeDid: string) {
-    await accountsDB.open();
-    const account = (await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first()) as Account;
-    const identity = JSON.parse(account?.identity || "null");
-
-    if (!identity) {
-      throw new Error(
-        "Attempted to load Give records with no identifier available.",
-      );
-    }
-    return identity;
-  }
-
-  public async getHeaders(identity: IIdentifier) {
-    const token = await accessToken(identity);
-    const headers = {
-      "Content-Type": "application/json",
-      Authorization: "Bearer " + token,
-    };
-    return headers;
-  }
-
-  openDialog(giver: GiverReceiverInputInfo) {
+  openDialog(giver?: GiverReceiverInputInfo) {
     const recipient = this.projectId
       ? undefined
       : { did: this.activeDid, name: "you" };
diff --git a/src/views/ContactQRScanShowView.vue b/src/views/ContactQRScanShowView.vue
index a7f94b0..96035a6 100644
--- a/src/views/ContactQRScanShowView.vue
+++ b/src/views/ContactQRScanShowView.vue
@@ -137,8 +137,11 @@ export default class ContactQRScanShow extends Vue {
       const publicKeyHex = identity.keys[0].publicKeyHex;
       const publicEncKey = Buffer.from(publicKeyHex, "hex").toString("base64");
 
-      const newDerivPath = nextDerivationPath(account.derivationPath);
-      const nextPublicHex = deriveAddress(account.mnemonic, newDerivPath)[2];
+      const newDerivPath = nextDerivationPath(account.derivationPath as string);
+      const nextPublicHex = deriveAddress(
+        account.mnemonic as string,
+        newDerivPath,
+      )[2];
       const nextPublicEncKey = Buffer.from(nextPublicHex, "hex");
       const nextPublicEncKeyHash = sha256(nextPublicEncKey);
       const nextPublicEncKeyHashBase64 =
diff --git a/src/views/ContactsView.vue b/src/views/ContactsView.vue
index 128d2c0..d180a75 100644
--- a/src/views/ContactsView.vue
+++ b/src/views/ContactsView.vue
@@ -311,12 +311,13 @@ import { AppString, NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
 import { Contact } from "@/db/tables/contacts";
 import { MASTER_SETTINGS_KEY, Settings } from "@/db/tables/settings";
-import { accessToken, getContactPayloadFromJwtUrl } from "@/libs/crypto";
+import { getContactPayloadFromJwtUrl } from "@/libs/crypto";
 import {
   CONTACT_CSV_HEADER,
   CONTACT_URL_PREFIX,
   GiverReceiverInputInfo,
   GiveSummaryRecord,
+  getHeaders,
   isDid,
   register,
   setVisibilityUtil,
@@ -414,22 +415,6 @@ export default class ContactsView extends Vue {
     return identity;
   }
 
-  public async getHeaders(identity: IIdentifier) {
-    const token = await accessToken(identity);
-    const headers = {
-      "Content-Type": "application/json",
-      Authorization: "Bearer " + token,
-    };
-    return headers;
-  }
-
-  public async getHeadersAndIdentity(activeDid: string) {
-    const identity = await this.getIdentity(activeDid);
-    const headers = await this.getHeaders(identity);
-
-    return { headers, identity };
-  }
-
   async loadGives() {
     if (!this.activeDid) {
       return;
@@ -481,7 +466,7 @@ export default class ContactsView extends Vue {
     };
 
     try {
-      const { headers } = await this.getHeadersAndIdentity(this.activeDid);
+      const headers = await getHeaders(this.activeDid);
       const givenByUrl =
         this.apiServer +
         "/api/v2/report/gives?agentDid=" +
@@ -954,8 +939,19 @@ export default class ContactsView extends Vue {
       this.apiServer +
       "/api/report/canDidExplicitlySeeMe?did=" +
       encodeURIComponent(contact.did);
-    const identity = await this.getIdentity(this.activeDid);
-    const headers = await this.getHeaders(identity);
+    const headers = await getHeaders(this.activeDid);
+    if (!headers["Authorization"]) {
+      this.$notify(
+        {
+          group: "alert",
+          type: "danger",
+          title: "No Identity",
+          text: "There is no identity to use to check visibility.",
+        },
+        3000,
+      );
+      return;
+    }
 
     try {
       const resp = await this.axios.get(url, { headers });
diff --git a/src/views/GiftedDetails.vue b/src/views/GiftedDetails.vue
index f05ddd2..4e06d16 100644
--- a/src/views/GiftedDetails.vue
+++ b/src/views/GiftedDetails.vue
@@ -316,9 +316,9 @@ export default class GiftedDetails extends Vue {
       const identity = await libsUtil.getIdentity(this.activeDid);
       const project = await getPlanFromCache(
         this.projectId,
-        identity,
         this.axios,
         this.apiServer,
+        identity.did,
       );
       this.projectName = project?.name
         ? "the project: " + project.name
diff --git a/src/views/HomeView.vue b/src/views/HomeView.vue
index c628cb5..42c9b0b 100644
--- a/src/views/HomeView.vue
+++ b/src/views/HomeView.vue
@@ -338,12 +338,12 @@ import {
   MASTER_SETTINGS_KEY,
   Settings,
 } from "@/db/tables/settings";
-import { accessToken } from "@/libs/crypto";
 import {
   contactForDid,
   containsNonHiddenDid,
   didInfoForContact,
   fetchEndorserRateLimits,
+  getHeaders,
   getPlanFromCache,
   GiverReceiverInputInfo,
   GiveSummaryRecord,
@@ -407,16 +407,6 @@ export default class HomeView extends Vue {
   showShortcutBvc = false;
   userAgentInfo = new UAParser(); // see https://docs.uaparser.js.org/v2/api/ua-parser-js/get-os.html
 
-  public async getIdentity(activeDid: string): Promise<IIdentifier | null> {
-    await accountsDB.open();
-    const account = (await accountsDB.accounts
-      .where("did")
-      .equals(activeDid)
-      .first()) as Account;
-    const identity = JSON.parse(account?.identity || "null");
-    return identity; // may be null
-  }
-
   async mounted() {
     try {
       await accountsDB.open();
@@ -440,12 +430,11 @@ export default class HomeView extends Vue {
 
       // someone may have have registered after sharing contact info, so recheck
       if (!this.isRegistered && this.activeDid) {
-        const identity = await this.getIdentity(this.activeDid);
         try {
           const resp = await fetchEndorserRateLimits(
             this.apiServer,
             this.axios,
-            identity as IIdentifier,
+            this.activeDid,
           );
           if (resp.status === 200) {
             // we just needed to know that they're registered
@@ -497,26 +486,6 @@ export default class HomeView extends Vue {
     return "Notification" in window;
   }
 
-  async buildHeaders() {
-    const headers: HeadersInit = {
-      "Content-Type": "application/json",
-    };
-
-    const identity = await this.getIdentity(this.activeDid);
-    if (this.activeDid) {
-      if (identity) {
-        headers["Authorization"] = "Bearer " + (await accessToken(identity));
-      } else {
-        throw new Error(
-          "An ID is chosen but there are no keys for it so it cannot be used to talk with the service. Switch your ID.",
-        );
-      }
-    } else {
-      // it's OK without auth... we just won't get any identifiers
-    }
-    return headers;
-  }
-
   // only called when a setting was changed
   async reloadFeedOnChange() {
     await db.open();
@@ -564,7 +533,6 @@ export default class HomeView extends Vue {
         if (results.data.length > 0) {
           endOfResults = false;
           // include the descriptions of the giver and receiver
-          const identity = await this.getIdentity(this.activeDid);
           for (const record: GiveSummaryRecord of results.data) {
             // similar code is in endorser-mobile utility.ts
             // claim.claim happen for some claims wrapped in a Verifiable Credential
@@ -581,9 +549,9 @@ export default class HomeView extends Vue {
             // We should display it immediately and then get the plan later.
             const plan = await getPlanFromCache(
               record.fulfillsPlanHandleId,
-              identity,
               this.axios,
               this.apiServer,
+              this.activeDid,
             );
 
             // check if the record should be filtered out
@@ -672,7 +640,7 @@ export default class HomeView extends Vue {
         beforeQuery,
       {
         method: "GET",
-        headers: await this.buildHeaders(),
+        headers: await getHeaders(this.activeDid),
       },
     );
 
diff --git a/src/views/NewEditProjectView.vue b/src/views/NewEditProjectView.vue
index 62547b1..b84947c 100644
--- a/src/views/NewEditProjectView.vue
+++ b/src/views/NewEditProjectView.vue
@@ -245,15 +245,6 @@ export default class NewEditProjectView extends Vue {
     return identity;
   }
 
-  public async getHeaders(identity: IIdentifier) {
-    const token = await accessToken(identity);
-    const headers = {
-      "Content-Type": "application/json",
-      Authorization: "Bearer " + token,
-    };
-    return headers;
-  }
-
   async mounted() {
     await accountsDB.open();
     this.numAccounts = await accountsDB.accounts.count();
@@ -460,11 +451,14 @@ export default class NewEditProjectView extends Vue {
       const signer = await SimpleSigner(privateKeyHex);
       const alg = undefined;
       // create a JWT for the request
-      const vcJwt: string = await didJwt.createJWT(vcPayload, {
-        alg: alg,
-        issuer: identity.did,
-        signer: signer,
-      });
+      const vcJwt: string = await didJwt.createJWT(
+        vcPayload as Partial<didJwt.JWTPayload>,
+        {
+          alg: alg,
+          issuer: identity.did,
+          signer: signer,
+        },
+      );
 
       // Make the xhr request payload
 
diff --git a/src/views/TestView.vue b/src/views/TestView.vue
index 03e9591..f8fc272 100644
--- a/src/views/TestView.vue
+++ b/src/views/TestView.vue
@@ -247,15 +247,13 @@ import QuickNav from "@/components/QuickNav.vue";
 import { AppString, NotificationIface } from "@/constants/app";
 import { accountsDB, db } from "@/db/index";
 import {
-  createPeerDid,
   PeerSetup,
-  registerCredential,
   verifyJwtP256,
   verifyJwtSimplewebauthn,
   verifyJwtWebCrypto,
 } from "@/libs/didPeer";
 import { MASTER_SETTINGS_KEY } from "@/db/tables/settings";
-import {registerAndSavePasskey} from "@/libs/util";
+import { registerAndSavePasskey } from "@/libs/util";
 
 const inputFileNameRef = ref<Blob>();