03e0daa8-014e-4640-b3a6-76e50f417cf1

@evan probably, but the way code is structured I'm using the same client for all requests, including key fetch. I might find a way to separate between Activity requests and key fetches at some point, but until then it's kinda like that.

My logic was that in the case of a public resource most servers would just serve it even with an invalid authorization mechanism... but I guess that if you choose to fail early, that's no longer the case...

⁂