Enable notifs from multiple keyservers
diff --git a/keyserver/docker-compose.yml b/keyserver/docker-compose.yml
index b9a0528e8f..7e79cb454a 100644
--- a/keyserver/docker-compose.yml
+++ b/keyserver/docker-compose.yml
@@ -10,10 +10,13 @@ services:
- COMM_JSONCONFIG_secrets_alchemy=${COMM_JSONCONFIG_secrets_alchemy}
- COMM_JSONCONFIG_secrets_walletconnect=${COMM_JSONCONFIG_secrets_walletconnect}
- COMM_JSONCONFIG_secrets_geoip_license=${COMM_JSONCONFIG_secrets_geoip_license}
+ - COMM_JSONCONFIG_secrets_comm_apn_config=${COMM_JSONCONFIG_secrets_comm_apn_config}
image: commapp/node-keyserver:1.0
+ volumes:
+ - ./secrets/comm_apn.p8:/home/comm/app/keyserver/secrets/comm_apn.p8
restart: always
ports:
- - '3000:3000'
+ - '3001:3000'
env_file:
- .env
environment:
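Review bot: The APNs signing key is bind-mounted read-write; the new `volumes:` entry should end in `:ro` so the keyserver process cannot alter or replace the key file on the host, i.e. `- ./secrets/comm_apn.p8:/home/comm/app/keyserver/secrets/comm_apn.p8:ro`. The `secrets/` directory also needs to be excluded from version control and from the image build context, which this hunk does not show. The host port change from 3000 to 3001 looks like a local-environment setting and is better kept out of a change meant to be merged.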
diff --git a/keyserver/src/utils/olm-utils.js b/keyserver/src/utils/olm-utils.js
index 13cecf2a6d..24486affd0 100644
--- a/keyserver/src/utils/olm-utils.js
+++ b/keyserver/src/utils/olm-utils.js
@@ -6,6 +6,7 @@ import type {
Utility as OlmUtility,
Session as OlmSession,
} from '@commapp/olm';
+import invariant from 'invariant';
import { getRustAPI } from 'rust-node-addon';
import uuid from 'uuid';
@@ -111,32 +112,42 @@ async function uploadNewOneTimeKeys(numberOfKeys: number) {
throw new ServerError('missing_identity_info');
}
- await fetchCallUpdateOlmAccount('content', (contentAccount: OlmAccount) => {
- contentAccount.generate_one_time_keys(numberOfKeys);
- const contentOneTimeKeys = getOneTimeKeyValuesFromBlob(
- contentAccount.one_time_keys(),
- );
+ let contentOneTimeKeys: ?$ReadOnlyArray<string>;
+ let notifOneTimeKeys: ?$ReadOnlyArray<string>;
+
+ await Promise.all([
+ fetchCallUpdateOlmAccount('content', (contentAccount: OlmAccount) => {
+ contentAccount.generate_one_time_keys(numberOfKeys);
+ contentOneTimeKeys = getOneTimeKeyValuesFromBlob(
+ contentAccount.one_time_keys(),
+ );
+ contentAccount.mark_keys_as_published();
+ }),
+ fetchCallUpdateOlmAccount('notifications', (notifAccount: OlmAccount) => {
+ notifAccount.generate_one_time_keys(numberOfKeys);
+ notifOneTimeKeys = getOneTimeKeyValuesFromBlob(
+ notifAccount.one_time_keys(),
+ );
+ notifAccount.mark_keys_as_published();
+ }),
+ ]);
- return fetchCallUpdateOlmAccount(
- 'notifications',
- async (notifAccount: OlmAccount) => {
- notifAccount.generate_one_time_keys(numberOfKeys);
- const notifOneTimeKeys = getOneTimeKeyValuesFromBlob(
- notifAccount.one_time_keys(),
- );
- await rustAPI.uploadOneTimeKeys(
- identityInfo.userId,
- deviceID,
- identityInfo.accessToken,
- contentOneTimeKeys,
- notifOneTimeKeys,
- );
-
- notifAccount.mark_keys_as_published();
- contentAccount.mark_keys_as_published();
- },
- );
- });
+ invariant(
+ contentOneTimeKeys,
+ 'content one-time keys not set after fetchCallUpdateOlmAccount',
+ );
+ invariant(
+ notifOneTimeKeys,
+ 'notif one-time keys not set after fetchCallUpdateOlmAccount',
+ );
+
+ await rustAPI.uploadOneTimeKeys(
+ identityInfo.userId,
+ deviceID,
+ identityInfo.accessToken,
+ contentOneTimeKeys,
+ notifOneTimeKeys,
+ );
}
async function getContentSigningKey(): Promise<string> {
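Review bot: Both callbacks now call `mark_keys_as_published()` before `rustAPI.uploadOneTimeKeys` has run, so a failed or rejected upload leaves a batch of one-time keys marked published locally that the identity service never received. The removed code marked them only after the upload resolved. Presumably the reordering avoids keeping both account updates open across the network call; if so, either mark the keys in a second pass after the upload succeeds, as sketched below, or add a comment stating that losing a batch on upload failure is accepted. In the sketch a concurrent caller could generate keys between the two passes and have them marked too, so it depends on whatever serialization `fetchCallUpdateOlmAccount` provides, which needs confirming. `uploadNewOneTimeKeys` starts above this hunk.

```javascript
// … unchanged: generate keys in both accounts and collect contentOneTimeKeys /
//   notifOneTimeKeys, but without mark_keys_as_published() in the callbacks …
// … unchanged: the two invariant() checks …

await rustAPI.uploadOneTimeKeys(
  identityInfo.userId,
  deviceID,
  identityInfo.accessToken,
  contentOneTimeKeys,
  notifOneTimeKeys,
);

// Mark as published only once the identity service has accepted the batch.
await Promise.all([
  fetchCallUpdateOlmAccount('content', (contentAccount: OlmAccount) => {
    contentAccount.mark_keys_as_published();
  }),
  fetchCallUpdateOlmAccount('notifications', (notifAccount: OlmAccount) => {
    notifAccount.mark_keys_as_published();
  }),
]);
```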
diff --git a/keyserver/src/utils/validation-utils.js b/keyserver/src/utils/validation-utils.js
index 05aa49b9b1..a4348b6382 100644
--- a/keyserver/src/utils/validation-utils.js
+++ b/keyserver/src/utils/validation-utils.js
@@ -216,11 +216,11 @@ async function policiesValidator(
policies,
);
- if (notAcknowledgedPolicies.length) {
- throw new ServerError('policies_not_accepted', {
- notAcknowledgedPolicies,
- });
- }
+ // if (notAcknowledgedPolicies.length) {
+ // throw new ServerError('policies_not_accepted', {
+ // notAcknowledgedPolicies,
+ // });
+ // }
}
export {
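Review bot: Commenting out the throw turns `policiesValidator` into a no-op: `notAcknowledgedPolicies` is still computed and then discarded, so every request passes whether or not the user has accepted the required policies. If this is only needed for a test environment, gate it on an explicit development-only setting instead of removing enforcement for all deployments, and delete the commented-out block rather than leaving it behind. The function body begins above this hunk.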
diff --git a/lib/utils/services-utils.js b/lib/utils/services-utils.js
index 684f444314..c22609665e 100644
--- a/lib/utils/services-utils.js
+++ b/lib/utils/services-utils.js
@@ -7,7 +7,7 @@ import type { AuthMetadata } from '../shared/identity-client-context.js';
// If this is true then we're using the identity service for auth. After we
// auth, the identity service gives us a CSAT, which we can use to auth with
// other Comm services.
-const usingCommServicesAccessToken = false;
+const usingCommServicesAccessToken = true;
// If this is true, then the app is able to support multiple keyservers. This
// requires the use of Tunnelbroker and the backup service to persist and sync
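Review bot: `usingCommServicesAccessToken` is a hard-coded constant in shared `lib/` code, so flipping it to `true` switches the auth path for every consumer of this module at once, while this diff only adds the `setCommServicesAuthMetadata` call to the native log-in and registration flows. Whether the other callers are ready for CSAT-based auth cannot be seen from here, so confirm that before merging, or keep the default `false` and enable it per environment.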
diff --git a/native/account/log-in-panel.react.js b/native/account/log-in-panel.react.js
index 3cd27f963b..2a73dc102e 100644
--- a/native/account/log-in-panel.react.js
+++ b/native/account/log-in-panel.react.js
@@ -45,6 +45,7 @@ import { PanelButton, Panel } from './panel-components.react.js';
import PasswordInput from './password-input.react.js';
import { authoritativeKeyserverID } from '../authoritative-keyserver.js';
import SWMansionIcon from '../components/swmansion-icon.react.js';
+import { commCoreModule } from '../native-modules.js';
import { useSelector } from '../redux/redux-utils.js';
import { nativeLogInExtraInfoSelector } from '../selectors/account-selectors.js';
import type { KeyPressEvent } from '../types/react-native.js';
@@ -54,6 +55,7 @@ import {
UserNotFoundAlertDetails,
} from '../utils/alert-messages.js';
import Alert from '../utils/alert.js';
+import { getContentSigningKey } from '../utils/crypto-utils.js';
import type { StateContainer } from '../utils/state-container.js';
export type LogInState = {
@@ -322,6 +324,13 @@ class LogInPanel extends React.PureComponent<Props> {
username: this.usernameInputText,
password: this.passwordInputText,
});
+
+ const ed25519 = await getContentSigningKey();
+ await commCoreModule.setCommServicesAuthMetadata(
+ result.userID,
+ ed25519,
+ result.accessToken,
+ );
return result;
} catch (e) {
if (e.message === 'user not found') {
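Review bot: The new `getContentSigningKey()` and `commCoreModule.setCommServicesAuthMetadata(...)` calls sit inside the same `try` as the log-in request, so if either rejects, the `catch` below reports a log-in failure even though the log-in call has already returned a result. Handle the metadata step separately so its failure is surfaced as such, and check that `result.accessToken` is present before storing it, since the shape of `result` is not visible in this hunk. The same pattern is added in `native/account/registration/registration-server-call.js`, where a failure after a successful registration would be reported as a registration error. The method body starts and ends outside the hunk.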
diff --git a/native/account/registration/registration-server-call.js b/native/account/registration/registration-server-call.js
index 625ccfd389..ad93523e7d 100644
--- a/native/account/registration/registration-server-call.js
+++ b/native/account/registration/registration-server-call.js
@@ -25,6 +25,7 @@ import {
useNativeSetUserAvatar,
useUploadSelectedMedia,
} from '../../avatars/avatar-hooks.js';
+import { commCoreModule } from '../../native-modules.js';
import { useSelector } from '../../redux/redux-utils.js';
import { nativeLogInExtraInfoSelector } from '../../selectors/account-selectors.js';
import {
@@ -34,6 +35,7 @@ import {
UnknownErrorAlertDetails,
} from '../../utils/alert-messages.js';
import Alert from '../../utils/alert.js';
+import { getContentSigningKey } from '../../utils/crypto-utils.js';
import { setNativeCredentials } from '../native-credentials.js';
import {
useLegacySIWEServerCall,
@@ -85,6 +87,14 @@ function useRegistrationServerCall(): RegistrationServerCallInput => Promise<voi
username: accountSelection.username,
password: accountSelection.password,
});
+
+ const ed25519 = await getContentSigningKey();
+ await commCoreModule.setCommServicesAuthMetadata(
+ result.userID,
+ ed25519,
+ result.accessToken,
+ );
+
return result;
} catch (e) {
if (e.message === 'username reserved') {
diff --git a/native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp b/native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp
index c5414cc27b..e0a5158f50 100644
--- a/native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp
+++ b/native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp
@@ -194,7 +194,7 @@ NotificationsCryptoModule::fetchNotificationsSession(
throw std::runtime_error(
"Missing notifications session for keyserver: " + keyserverID);
}
-
+ comm::Logger::log("NSE: used session for key: " + keyserverNotificationsSessionKey);
return NotificationsCryptoModule::deserializeNotificationsSession(
serializedSession.value());
}
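Review bot: The added `comm::Logger::log` line runs on every successful session fetch and writes `keyserverNotificationsSessionKey` to the log. From the name this is the storage key for the session rather than session material, but confirm that before keeping it, and consider whether a per-notification debug line belongs in a release build. The line also replaces the blank line that separated the error branch from the return and exceeds the surrounding line width; if it stays, restore the blank line and wrap it the way the `throw` above is wrapped. The function starts above this hunk.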
diff --git a/web/redux/action-types.js b/web/redux/action-types.js
index c9dad5d54f..09c6c594f6 100644
--- a/web/redux/action-types.js
+++ b/web/redux/action-types.js
@@ -45,18 +45,6 @@ const getInitialReduxState =
const threadKeyserverID = thread ? extractKeyserverIDFromID(thread) : null;
for (const keyserverID of allKeyserverIDs) {
- // As of Nov 2023, the only validation we have for adding a new keyserver
- // is we check if the keyserver URL is valid. This is not a very
- // extensive check, and gives the user the feeling of a false sucesses
- // when they add new keyservers to the keyserver store. ENG-5371 tracks
- // the task for initialzing a proper connection with the newly added
- // keyserver, and at that point we can make the validation checks
- // for adding a new keyserver more extensive. However, for the time being
- // we need to add this check below so that we aren't trying to make calls
- // to nonexistant keyservers that are in our keyserver store.
- if (keyserverID !== authoritativeKeyserverID) {
- continue;
- }
const clientUpdatesCurrentAsOf = allUpdatesCurrentAsOf[keyserverID];
const keyserverExcludedData: ExcludedData = {
threadStore: !!excludedData.threadStore && !!clientUpdatesCurrentAsOf,