diff --git a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
--- a/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
+++ b/keyserver/addons/rust-node-addon/src/identity_client/mod.rs
@@ -9,11 +9,13 @@
 use client_proto::identity_client_service_client::IdentityClientServiceClient;
 use client_proto::{
   AddReservedUsernamesRequest, DeviceKeyUpload, DeviceType, IdentityKeyInfo,
-  InboundKeyInfo, PreKey, RegistrationFinishRequest, RegistrationStartRequest,
+  PreKey, RegistrationFinishRequest, RegistrationStartRequest,
   RemoveReservedUsernameRequest,
 };
 use grpc_clients::identity::authenticated::ChainedInterceptedAuthClient;
-use grpc_clients::identity::protos::authenticated::UploadOneTimeKeysRequest;
+use grpc_clients::identity::protos::authenticated::{
+  InboundKeyInfo, UploadOneTimeKeysRequest,
+};
 use grpc_clients::identity::protos::unauthenticated as client_proto;
 use grpc_clients::identity::shared::CodeVersionLayer;
 use grpc_clients::identity::{
diff --git a/native/native_rust_library/src/lib.rs b/native/native_rust_library/src/lib.rs
--- a/native/native_rust_library/src/lib.rs
+++ b/native/native_rust_library/src/lib.rs
@@ -2,12 +2,12 @@
 use comm_opaque2::client::{Login, Registration};
 use comm_opaque2::grpc::opaque_error_to_grpc_status as handle_error;
 use grpc_clients::identity::protos::authenticated::{
-  OutboundKeysForUserRequest, UpdateUserPasswordFinishRequest,
+  OutboundKeyInfo, OutboundKeysForUserRequest, UpdateUserPasswordFinishRequest,
   UpdateUserPasswordStartRequest,
 };
 use grpc_clients::identity::protos::client::{
   DeviceKeyUpload, DeviceType, Empty, IdentityKeyInfo,
-  OpaqueLoginFinishRequest, OpaqueLoginStartRequest, OutboundKeyInfo, PreKey,
+  OpaqueLoginFinishRequest, OpaqueLoginStartRequest, PreKey,
   RegistrationFinishRequest, RegistrationStartRequest, WalletLoginRequest,
 };
 use grpc_clients::identity::{
diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
--- a/services/identity/src/grpc_services/authenticated.rs
+++ b/services/identity/src/grpc_services/authenticated.rs
@@ -25,9 +25,10 @@
 }
 use auth_proto::{
   find_user_id_request, identity_client_service_server::IdentityClientService,
-  FindUserIdRequest, FindUserIdResponse, KeyserverKeysResponse,
-  OutboundKeyInfo, OutboundKeysForUserRequest, RefreshUserPreKeysRequest,
-  UploadOneTimeKeysRequest,
+  FindUserIdRequest, FindUserIdResponse, InboundKeyInfo,
+  InboundKeysForUserRequest, InboundKeysForUserResponse, KeyserverKeysResponse,
+  OutboundKeyInfo, OutboundKeysForUserRequest, OutboundKeysForUserResponse,
+  RefreshUserPreKeysRequest, UploadOneTimeKeysRequest,
 };
 use client::{Empty, IdentityKeyInfo};
 use tracing::{debug, error};
@@ -127,9 +128,8 @@
 
   async fn get_outbound_keys_for_user(
     &self,
-    request: tonic::Request<auth_proto::OutboundKeysForUserRequest>,
-  ) -> Result<tonic::Response<client::OutboundKeysForUserResponse>, tonic::Status>
-  {
+    request: tonic::Request<OutboundKeysForUserRequest>,
+  ) -> Result<tonic::Response<OutboundKeysForUserResponse>, tonic::Status> {
     let message = request.into_inner();
 
     let devices_map = self
@@ -146,7 +146,7 @@
           device_info,
           auth_type: None,
         };
-        match client::OutboundKeyInfo::try_from(device_info_with_auth) {
+        match OutboundKeyInfo::try_from(device_info_with_auth) {
           Ok(key_info) => Some((key, key_info)),
           Err(_) => {
             error!("Failed to transform device info for key {}", key);
@@ -156,16 +156,15 @@
       })
       .collect::<HashMap<_, _>>();
 
-    Ok(tonic::Response::new(client::OutboundKeysForUserResponse {
+    Ok(tonic::Response::new(OutboundKeysForUserResponse {
       devices: transformed_devices,
     }))
   }
 
   async fn get_inbound_keys_for_user(
     &self,
-    request: tonic::Request<auth_proto::InboundKeysForUserRequest>,
-  ) -> Result<tonic::Response<client::InboundKeysForUserResponse>, tonic::Status>
-  {
+    request: tonic::Request<InboundKeysForUserRequest>,
+  ) -> Result<tonic::Response<InboundKeysForUserResponse>, tonic::Status> {
     let message = request.into_inner();
 
     let devices_map = self
@@ -182,7 +181,7 @@
           device_info,
           auth_type: None,
         };
-        match client::InboundKeyInfo::try_from(device_info_with_auth) {
+        match InboundKeyInfo::try_from(device_info_with_auth) {
           Ok(key_info) => Some((key, key_info)),
           Err(_) => {
             error!("Failed to transform device info for key {}", key);
@@ -192,7 +191,7 @@
       })
       .collect::<HashMap<_, _>>();
 
-    Ok(tonic::Response::new(client::InboundKeysForUserResponse {
+    Ok(tonic::Response::new(InboundKeysForUserResponse {
       devices: transformed_devices,
     }))
   }
diff --git a/services/identity/src/grpc_utils.rs b/services/identity/src/grpc_utils.rs
--- a/services/identity/src/grpc_utils.rs
+++ b/services/identity/src/grpc_utils.rs
@@ -5,10 +5,9 @@
 
 use crate::{
   client_service::client_proto::{
-    DeviceKeyUpload, IdentityKeyInfo, InboundKeyInfo, OpaqueLoginStartRequest,
-    OutboundKeyInfo, PreKey, RegistrationStartRequest,
-    ReservedRegistrationStartRequest, ReservedWalletLoginRequest,
-    WalletLoginRequest,
+    DeviceKeyUpload, IdentityKeyInfo, OpaqueLoginStartRequest, PreKey,
+    RegistrationStartRequest, ReservedRegistrationStartRequest,
+    ReservedWalletLoginRequest, WalletLoginRequest,
   },
   constants::{
     CONTENT_ONE_TIME_KEY, NOTIF_ONE_TIME_KEY,
@@ -21,6 +20,7 @@
     USERS_TABLE_DEVICES_MAP_SOCIAL_PROOF_ATTRIBUTE_NAME,
   },
   database::DeviceKeys,
+  grpc_services::authenticated::auth_proto::{InboundKeyInfo, OutboundKeyInfo},
   token::AuthType,
 };
 
diff --git a/shared/protos/identity_authenticated.proto b/shared/protos/identity_authenticated.proto
--- a/shared/protos/identity_authenticated.proto
+++ b/shared/protos/identity_authenticated.proto
@@ -10,6 +10,7 @@
 // token through an interceptor, thus avoiding the need to explicitly pass
 // the credentials on every request
 service IdentityClientService {
+  // X3DH actions
 
   // Replenish one-time preKeys
   rpc UploadOneTimeKeys(UploadOneTimeKeysRequest)
@@ -25,13 +26,13 @@
   //   - Identity keys (both Content and Notif Keys)
   //   - PreKey (including preKey signature)
   //   - One-time PreKey
-  rpc GetOutboundKeysForUser(OutboundKeysForUserRequest)
-    returns (identity.client.OutboundKeysForUserResponse) {}
+  rpc GetOutboundKeysForUser(OutboundKeysForUserRequest) returns
+    (OutboundKeysForUserResponse) {}
   // Called by receivers of a communication request. The reponse will only
   // return identity keys (both content and notif keys) and related prekeys per
   // device, but will not contain one-time keys.
-  rpc GetInboundKeysForUser(InboundKeysForUserRequest)
-    returns (identity.client.InboundKeysForUserResponse) {}
+  rpc GetInboundKeysForUser(InboundKeysForUserRequest) returns
+    (InboundKeysForUserResponse) {}
 
   // Called by user to update password and receive new access token
   rpc UpdateUserPasswordStart(UpdateUserPasswordStartRequest) returns
@@ -84,6 +85,13 @@
   optional OutboundKeyInfo keyserverInfo = 1;
 }
 
+// GetOutboundKeysForUser
+
+message OutboundKeysForUserResponse {
+  // Map is keyed on devices' public ed25519 key used for signing
+  map<string, OutboundKeyInfo> devices = 1;
+}
+
 // Information needed by a device to establish communcation when responding
 // to a request.
 // The device receiving a request only needs the content key and prekey.
@@ -91,6 +99,19 @@
   string userID = 1;
 }
 
+// GetInboundKeysForUser
+
+message InboundKeyInfo {
+  identity.client.IdentityKeyInfo identityInfo = 1;
+  identity.client.PreKey contentPrekey = 2;
+  identity.client.PreKey notifPrekey = 3;
+}
+
+message InboundKeysForUserResponse {
+  // Map is keyed on devices' public ed25519 key used for signing
+  map<string, InboundKeyInfo> devices = 1;
+}
+
 message InboundKeysForUserRequest {
   string userID = 1;
 }
diff --git a/shared/protos/identity_client.proto b/shared/protos/identity_client.proto
--- a/shared/protos/identity_client.proto
+++ b/shared/protos/identity_client.proto
@@ -214,35 +214,6 @@
   string nonce = 1;
 }
 
-// GetOutboundKeysForUser
-
-// Information needed when establishing communication to someone else's device
-message OutboundKeyInfo {
-  IdentityKeyInfo identityInfo = 1;
-  PreKey contentPrekey = 2;
-  PreKey notifPrekey = 3;
-  optional string oneTimeContentPrekey = 4;
-  optional string oneTimeNotifPrekey = 5;
-}
-
-message OutboundKeysForUserResponse {
-  // Map is keyed on devices' public ed25519 key used for signing
-  map<string, OutboundKeyInfo> devices = 1;
-}
-
-// GetInboundKeysForUser
-
-message InboundKeyInfo {
-  IdentityKeyInfo identityInfo = 1;
-  PreKey contentPrekey = 2;
-  PreKey notifPrekey = 3;
-}
-
-message InboundKeysForUserResponse {
-  // Map is keyed on devices' public ed25519 key used for signing
-  map<string, InboundKeyInfo> devices = 1;
-}
-
 // VerifyUserAccessToken
 
 message VerifyUserAccessTokenRequest {