diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs
--- a/services/identity/src/client_service.rs
+++ b/services/identity/src/client_service.rs
@@ -46,8 +46,8 @@
 
 #[derive(Clone)]
 pub enum WorkflowInProgress {
-  Registration(UserRegistrationInfo),
-  Login(UserLoginInfo),
+  Registration(Box<UserRegistrationInfo>),
+  Login(Box<UserLoginInfo>),
   Update(UpdateState),
 }
 
@@ -171,7 +171,7 @@
         .cache
         .insert(
           session_id.clone(),
-          WorkflowInProgress::Registration(registration_state),
+          WorkflowInProgress::Registration(Box::new(registration_state)),
         )
         .await;
 
@@ -275,7 +275,7 @@
         .cache
         .insert(
           session_id.clone(),
-          WorkflowInProgress::Registration(registration_state),
+          WorkflowInProgress::Registration(Box::new(registration_state)),
         )
         .await;
 
@@ -308,7 +308,7 @@
       let device_id = state.flattened_device_key_upload.device_id_key.clone();
       let user_id = self
         .client
-        .add_password_user_to_users_table(state, password_file)
+        .add_password_user_to_users_table(*state, password_file)
         .await
         .map_err(handle_db_error)?;
 
@@ -509,7 +509,10 @@
       let session_id = generate_uuid();
       self
         .cache
-        .insert(session_id.clone(), WorkflowInProgress::Login(login_state))
+        .insert(
+          session_id.clone(),
+          WorkflowInProgress::Login(Box::new(login_state)),
+        )
         .await;
 
       let response = Response::new(OpaqueLoginStartResponse {
diff --git a/services/identity/src/database.rs b/services/identity/src/database.rs
--- a/services/identity/src/database.rs
+++ b/services/identity/src/database.rs
@@ -1029,6 +1029,7 @@
   }
 }
 
+#[allow(dead_code)]
 fn parse_map_attribute(
   attribute_name: &'static str,
   attribute_value: Option<AttributeValue>,
diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
--- a/services/identity/src/grpc_services/authenticated.rs
+++ b/services/identity/src/grpc_services/authenticated.rs
@@ -44,7 +44,7 @@
   println!("Intercepting request: {:?}", req);
 
   let (user_id, device_id, access_token) = get_auth_info(&req)
-    .ok_or(Status::unauthenticated("Missing credentials"))?;
+    .ok_or_else(|| Status::unauthenticated("Missing credentials"))?;
 
   let handle = tokio::runtime::Handle::current();
   let new_db_client = db_client.clone();
@@ -71,12 +71,12 @@
 pub fn get_user_and_device_id<T>(
   request: &Request<T>,
 ) -> Result<(String, String), Status> {
-  let user_id = get_value(&request, "user_id")
-    .ok_or(Status::unauthenticated("Missing user_id field"))?;
-  let device_id = get_value(&request, "device_id")
-    .ok_or(Status::unauthenticated("Missing device_id field"))?;
+  let user_id = get_value(request, "user_id")
+    .ok_or_else(|| Status::unauthenticated("Missing user_id field"))?;
+  let device_id = get_value(request, "device_id")
+    .ok_or_else(|| Status::unauthenticated("Missing device_id field"))?;
 
-  return Ok((user_id, device_id));
+  Ok((user_id, device_id))
 }
 
 #[tonic::async_trait]
@@ -92,10 +92,10 @@
 
     let content_keys = message
       .new_content_pre_keys
-      .ok_or(Status::invalid_argument("Missing content keys"))?;
+      .ok_or_else(|| Status::invalid_argument("Missing content keys"))?;
     let notif_keys = message
       .new_notif_pre_keys
-      .ok_or(Status::invalid_argument("Missing notification keys"))?;
+      .ok_or_else(|| Status::invalid_argument("Missing notification keys"))?;
 
     self
       .db_client
diff --git a/services/identity/src/main.rs b/services/identity/src/main.rs
--- a/services/identity/src/main.rs
+++ b/services/identity/src/main.rs
@@ -78,7 +78,7 @@
       );
       let raw_auth_service = AuthenticatedService::new(database_client.clone());
       let auth_service =
-        AuthServer::with_interceptor(raw_auth_service, move |mut req| {
+        AuthServer::with_interceptor(raw_auth_service, move |req| {
           grpc_services::authenticated::auth_intercept(req, &database_client)
         });
 
diff --git a/services/identity/src/reserved_users.rs b/services/identity/src/reserved_users.rs
--- a/services/identity/src/reserved_users.rs
+++ b/services/identity/src/reserved_users.rs
@@ -53,7 +53,7 @@
   let public_key_string = CONFIG
     .keyserver_public_key
     .clone()
-    .ok_or(Status::failed_precondition("missing key"))?;
+    .ok_or_else(|| Status::failed_precondition("missing key"))?;
 
   let public_key_bytes = general_purpose::STANDARD_NO_PAD
     .decode(public_key_string)