diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
--- a/services/identity/src/grpc_services/authenticated.rs
+++ b/services/identity/src/grpc_services/authenticated.rs
@@ -15,6 +15,7 @@
 };
 use chrono::DateTime;
 use comm_lib::auth::AuthService;
+use comm_lib::blob::client::BlobServiceClient;
 use comm_opaque2::grpc::protocol_error_to_grpc_status;
 use tonic::{Request, Response, Status};
 use tracing::{debug, error, trace};
@@ -38,6 +39,7 @@
 #[derive(derive_more::Constructor)]
 pub struct AuthenticatedService {
   db_client: DatabaseClient,
+  blob_client: BlobServiceClient,
   comm_auth_service: AuthService,
 }
 
diff --git a/services/identity/src/main.rs b/services/identity/src/main.rs
--- a/services/identity/src/main.rs
+++ b/services/identity/src/main.rs
@@ -2,6 +2,7 @@
 use comm_lib::aws;
 use comm_lib::aws::config::timeout::TimeoutConfig;
 use comm_lib::aws::config::BehaviorVersion;
+use comm_lib::blob::client::BlobServiceClient;
 use config::Command;
 use database::DatabaseClient;
 use tonic::transport::Server;
@@ -78,7 +79,7 @@
       generate_and_persist_keypair(dir)?;
     }
     Command::Server => {
-      config::load_server_config();
+      let cfg = config::load_server_config();
       let addr = IDENTITY_SERVICE_SOCKET_ADDR.parse()?;
       let aws_config = aws::config::defaults(BehaviorVersion::v2024_03_28())
         .timeout_config(
@@ -91,14 +92,18 @@
         .await;
       let comm_auth_service =
         AuthService::new(&aws_config, "http://localhost:50054".to_string());
+      let blob_client = BlobServiceClient::new(cfg.blob_service_url.to_owned());
       let database_client = DatabaseClient::new(&aws_config);
       let inner_client_service = ClientService::new(database_client.clone());
       let client_service = IdentityClientServiceServer::with_interceptor(
         inner_client_service,
         grpc_services::shared::version_interceptor,
       );
-      let inner_auth_service =
-        AuthenticatedService::new(database_client.clone(), comm_auth_service);
+      let inner_auth_service = AuthenticatedService::new(
+        database_client.clone(),
+        blob_client,
+        comm_auth_service,
+      );
       let db_client = database_client.clone();
       let auth_service =
         AuthServer::with_interceptor(inner_auth_service, move |req| {