From 6d856e85b1c857faca7dcd10427d9eb31a95441e Mon Sep 17 00:00:00 2001
From: Samin Rahman <samin.rahman@thetradedesk.com>
Date: Wed, 14 Jan 2026 14:08:10 +1100
Subject: [PATCH 1/6] Added early exit for meetPolicyRequirements and added a
 counter metric for requests bypassing optout check

---
 .../operator/vertx/UIDOperatorVerticle.java   | 31 +++++++++++++------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
index 7b36e8eea..8babc1515 100644
--- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
+++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -1654,17 +1654,28 @@ private boolean meetPolicyCheckRequirements(RoutingContext rc) {
             respectOptOut = OptoutCheckPolicy.fromValue(requestJsonObject.getInteger(POLICY_PARAM)) == OptoutCheckPolicy.respectOptOut();
         }
 
-        final ClientKey clientKey = (ClientKey) AuthMiddleware.getAuthClient(rc);
-        final ClientKey oldestClientKey = this.clientKeyProvider.getOldestClientKey(clientKey.getSiteId());
-        boolean newClient = oldestClientKey.getCreated() >= OPT_OUT_CHECK_CUTOFF_DATE;
-
-        if (newClient && !respectOptOut) {
-            // log policy violation
-            LOGGER.warn(String.format("Failed to respect opt-out policy: siteId=%d, clientKeyName=%s, clientKeyCreated=%d",
-                    oldestClientKey.getSiteId(), oldestClientKey.getName(), oldestClientKey.getCreated()));
-            return false;
+        if (respectOptOut) {
+            return true;
+        } else {
+            final ClientKey clientKey = (ClientKey) AuthMiddleware.getAuthClient(rc);
+            final ClientKey oldestClientKey = this.clientKeyProvider.getOldestClientKey(clientKey.getSiteId());
+            boolean newClient = oldestClientKey.getCreated() >= OPT_OUT_CHECK_CUTOFF_DATE;
+
+            if (!newClient) {
+                Counter.builder("uid2_opt_out_no_respect_total")
+                        .description("Counter for the number of successful requests that have optout set to zero (legacy clients)")
+                        .tag("client_name", clientKey.getName())
+                        .tag("client_contact", clientKey.getContact())
+                        .register(Metrics.globalRegistry)
+                        .increment();
+                return true;
+            } else {
+                // log policy violation
+                LOGGER.warn(String.format("Failed to respect opt-out policy: siteId=%d, clientKeyName=%s, clientKeyCreated=%d",
+                        oldestClientKey.getSiteId(), oldestClientKey.getName(), oldestClientKey.getCreated()));
+                return false;
+            }
         }
-        return true;
     }
 
     private Tuple.Tuple2<OptoutCheckPolicy, String> readOptoutCheckPolicy(JsonObject req) {

From 874ae8a98c28eefb81470dbdb58b6829e357e46a Mon Sep 17 00:00:00 2001
From: Samin Rahman <samin.rahman@thetradedesk.com>
Date: Thu, 15 Jan 2026 16:23:41 +1100
Subject: [PATCH 2/6] Renamed counter and changed tags

---
 .../java/com/uid2/operator/vertx/UIDOperatorVerticle.java    | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
index 8babc1515..981e47c70 100644
--- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
+++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -1662,10 +1662,9 @@ private boolean meetPolicyCheckRequirements(RoutingContext rc) {
             boolean newClient = oldestClientKey.getCreated() >= OPT_OUT_CHECK_CUTOFF_DATE;
 
             if (!newClient) {
-                Counter.builder("uid2_opt_out_no_respect_total")
+                Counter.builder("uid2_legacy_opt_out_bypass_total")
                         .description("Counter for the number of successful requests that have optout set to zero (legacy clients)")
-                        .tag("client_name", clientKey.getName())
-                        .tag("client_contact", clientKey.getContact())
+                        .tag("site_id", clientKey.getSiteId().toString())
                         .register(Metrics.globalRegistry)
                         .increment();
                 return true;

From 57d6a34d55845427410fc43aa96101d95aeea164 Mon Sep 17 00:00:00 2001
From: Release Workflow <unifiedid-admin+release@thetradedesk.com>
Date: Thu, 15 Jan 2026 05:27:24 +0000
Subject: [PATCH 3/6] [CI Pipeline] Released Snapshot version:
 5.63.23-alpha-287-SNAPSHOT

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0474f97a0..497a50889 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-operator</artifactId>
-    <version>5.63.22</version>
+    <version>5.63.23-alpha-287-SNAPSHOT</version>
   
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

From 75ec479fcd41bb26c06b6a4cc61b80dc76fe7cd1 Mon Sep 17 00:00:00 2001
From: Samin Rahman <samin.rahman@thetradedesk.com>
Date: Mon, 19 Jan 2026 09:03:42 +1100
Subject: [PATCH 4/6] Removed optout policy check and disable optout feature
 flag

---
 conf/docker-config.json                       |   1 -
 conf/integ-config.json                        |   1 -
 conf/local-config.json                        |   1 -
 conf/local-e2e-docker-public-config.json      |   1 -
 conf/local-e2e-public-config.json             |   2 +-
 ...dator-latest-e2e-docker-public-config.json |   1 -
 src/main/java/com/uid2/operator/Const.java    |   1 -
 .../operator/vertx/UIDOperatorVerticle.java   |  90 +--------
 .../operator/UIDOperatorVerticleTest.java     | 171 ------------------
 9 files changed, 3 insertions(+), 266 deletions(-)

diff --git a/conf/docker-config.json b/conf/docker-config.json
index d2927f044..5abdf3a04 100644
--- a/conf/docker-config.json
+++ b/conf/docker-config.json
@@ -42,7 +42,6 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-operator"
 }
diff --git a/conf/integ-config.json b/conf/integ-config.json
index f7b16e833..7416395ef 100644
--- a/conf/integ-config.json
+++ b/conf/integ-config.json
@@ -18,7 +18,6 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
   "enable_remote_config": false,
   "uid_instance_id_prefix": "local-operator"
 }
\ No newline at end of file
diff --git a/conf/local-config.json b/conf/local-config.json
index 0d8720483..530045b05 100644
--- a/conf/local-config.json
+++ b/conf/local-config.json
@@ -41,7 +41,6 @@
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
   "encrypted_files": false,
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-operator"
 }
diff --git a/conf/local-e2e-docker-public-config.json b/conf/local-e2e-docker-public-config.json
index 7610e9bc7..3b3416997 100644
--- a/conf/local-e2e-docker-public-config.json
+++ b/conf/local-e2e-docker-public-config.json
@@ -38,7 +38,6 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-public-operator"
 }
diff --git a/conf/local-e2e-public-config.json b/conf/local-e2e-public-config.json
index 80459743b..7f5801a39 100644
--- a/conf/local-e2e-public-config.json
+++ b/conf/local-e2e-public-config.json
@@ -44,7 +44,7 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
+
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-public-operator"
 }
diff --git a/conf/validator-latest-e2e-docker-public-config.json b/conf/validator-latest-e2e-docker-public-config.json
index 55cd04f87..184d37b8e 100644
--- a/conf/validator-latest-e2e-docker-public-config.json
+++ b/conf/validator-latest-e2e-docker-public-config.json
@@ -43,7 +43,6 @@
     },
     "config_scan_period_ms": 300000
   },
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-public-operator"
 }
diff --git a/src/main/java/com/uid2/operator/Const.java b/src/main/java/com/uid2/operator/Const.java
index 14f878371..ef0c8b6be 100644
--- a/src/main/java/com/uid2/operator/Const.java
+++ b/src/main/java/com/uid2/operator/Const.java
@@ -34,7 +34,6 @@ public class Config extends com.uid2.shared.Const.Config {
 
         public static final String ConfigScanPeriodMsProp = "config_scan_period_ms";
         public static final String IdentityV3Prop = "identity_v3";
-        public static final String DisableOptoutTokenProp = "disable_optout_token";
         public static final String EnableRemoteConfigProp = "enable_remote_config";
         public static final String RuntimeConfigMetadataPathProp = "runtime_config_metadata_path";
 
diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
index 981e47c70..41d44d0ff 100644
--- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
+++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -105,7 +105,6 @@ public class UIDOperatorVerticle extends AbstractVerticle {
     private final IClientKeyProvider clientKeyProvider;
     private final Clock clock;
     private final boolean identityV3Enabled;
-    private final boolean disableOptoutToken;
     private final UidInstanceIdProvider uidInstanceIdProvider;
     protected IUIDOperatorService idService;
 
@@ -196,7 +195,6 @@ public UIDOperatorVerticle(IConfigStore configStore,
         this.optOutStatusApiEnabled = config.getBoolean(Const.Config.OptOutStatusApiEnabled, true);
         this.optOutStatusMaxRequestSize = config.getInteger(Const.Config.OptOutStatusMaxRequestSize, 5000);
         this.identityV3Enabled = config.getBoolean(IdentityV3Prop, false);
-        this.disableOptoutToken = config.getBoolean(DisableOptoutTokenProp, false);
         this.uidInstanceIdProvider = uidInstanceIdProvider;
     }
 
@@ -945,14 +943,6 @@ private void handleTokenGenerateV2(RoutingContext rc) {
                     }
                 }
 
-                final Tuple.Tuple2<OptoutCheckPolicy, String> optoutCheckPolicy = readOptoutCheckPolicy(req);
-                recordTokenGeneratePolicy(apiContact, optoutCheckPolicy.getItem1(), optoutCheckPolicy.getItem2());
-
-                if (!meetPolicyCheckRequirements(rc)) {
-                    SendClientErrorResponseAndRecordStats(ResponseStatus.ClientError, 400, rc, "Required opt-out policy argument for token/generate is missing or not set to 1", siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.BadPayload, siteProvider, platformType);
-                    return;
-                }
-
                 final IdentityTokens t = this.idService.generateIdentity(
                         new IdentityRequest(
                                 new PublisherIdentity(siteId, 0, 0),
@@ -964,31 +954,8 @@ private void handleTokenGenerateV2(RoutingContext rc) {
                         identityExpiresAfter);
 
                 if (t.isEmptyToken()) {
-                    if (optoutCheckPolicy.getItem1() == OptoutCheckPolicy.DoNotRespect && !this.disableOptoutToken) { // only legacy can use this policy
-                        final InputUtil.InputVal optOutTokenInput = input.getIdentityType() == IdentityType.Email
-                                ? InputUtil.InputVal.validEmail(OptOutTokenIdentityForEmail, OptOutTokenIdentityForEmail)
-                                : InputUtil.InputVal.validPhone(OptOutTokenIdentityForPhone, OptOutTokenIdentityForPhone);
-
-                        PrivacyBits pb = new PrivacyBits();
-                        pb.setLegacyBit();
-                        pb.setClientSideTokenGenerateOptout();
-
-                        final IdentityTokens optOutTokens = this.idService.generateIdentity(
-                                new IdentityRequest(
-                                        new PublisherIdentity(siteId, 0, 0),
-                                        optOutTokenInput.toUserIdentity(this.identityScope, pb.getAsInt(), Instant.now()),
-                                        OptoutCheckPolicy.DoNotRespect,
-                                        identityEnvironment),
-                                refreshIdentityAfter,
-                                refreshExpiresAfter,
-                                identityExpiresAfter);
-
-                        ResponseUtil.SuccessV2(rc, toTokenResponseJson(optOutTokens));
-                        recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.Success, siteProvider, optOutTokens.getAdvertisingTokenVersion(), platformType);
-                    } else { // new participant, or legacy specified policy/optout_check=1
-                        ResponseUtil.SuccessNoBodyV2("optout", rc);
-                        recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.OptOut, siteProvider, null, platformType);
-                    }
+                    ResponseUtil.SuccessNoBodyV2("optout", rc);
+                    recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.OptOut, siteProvider, null, platformType);
                 } else {
                     ResponseUtil.SuccessV2(rc, toTokenResponseJson(t));
                     recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.Success, siteProvider, t.getAdvertisingTokenVersion(), platformType);
@@ -1642,59 +1609,6 @@ private UserConsentStatus validateUserConsent(JsonObject req, String apiContact)
         return UserConsentStatus.SUFFICIENT;
     }
 
-    private static final String POLICY_PARAM = "policy";
-    private static final String OPTOUT_CHECK_POLICY_PARAM = "optout_check";
-
-    private boolean meetPolicyCheckRequirements(RoutingContext rc) {
-        JsonObject requestJsonObject = (JsonObject) rc.data().get(REQUEST);
-        boolean respectOptOut = false;
-        if (requestJsonObject.containsKey(OPTOUT_CHECK_POLICY_PARAM)) {
-            respectOptOut = OptoutCheckPolicy.fromValue(requestJsonObject.getInteger(OPTOUT_CHECK_POLICY_PARAM)) == OptoutCheckPolicy.respectOptOut();
-        } else if (requestJsonObject.containsKey(POLICY_PARAM)) {
-            respectOptOut = OptoutCheckPolicy.fromValue(requestJsonObject.getInteger(POLICY_PARAM)) == OptoutCheckPolicy.respectOptOut();
-        }
-
-        if (respectOptOut) {
-            return true;
-        } else {
-            final ClientKey clientKey = (ClientKey) AuthMiddleware.getAuthClient(rc);
-            final ClientKey oldestClientKey = this.clientKeyProvider.getOldestClientKey(clientKey.getSiteId());
-            boolean newClient = oldestClientKey.getCreated() >= OPT_OUT_CHECK_CUTOFF_DATE;
-
-            if (!newClient) {
-                Counter.builder("uid2_legacy_opt_out_bypass_total")
-                        .description("Counter for the number of successful requests that have optout set to zero (legacy clients)")
-                        .tag("site_id", clientKey.getSiteId().toString())
-                        .register(Metrics.globalRegistry)
-                        .increment();
-                return true;
-            } else {
-                // log policy violation
-                LOGGER.warn(String.format("Failed to respect opt-out policy: siteId=%d, clientKeyName=%s, clientKeyCreated=%d",
-                        oldestClientKey.getSiteId(), oldestClientKey.getName(), oldestClientKey.getCreated()));
-                return false;
-            }
-        }
-    }
-
-    private Tuple.Tuple2<OptoutCheckPolicy, String> readOptoutCheckPolicy(JsonObject req) {
-        if(req.containsKey(OPTOUT_CHECK_POLICY_PARAM)) {
-            return new Tuple.Tuple2<>(OptoutCheckPolicy.fromValue(req.getInteger(OPTOUT_CHECK_POLICY_PARAM)), OPTOUT_CHECK_POLICY_PARAM);
-        } else if(req.containsKey(POLICY_PARAM)) {
-            return new Tuple.Tuple2<>(OptoutCheckPolicy.fromValue(req.getInteger(POLICY_PARAM)), POLICY_PARAM);
-        } else {
-            return new Tuple.Tuple2<>(OptoutCheckPolicy.defaultPolicy(), "null");
-        }
-    }
-
-    private void recordTokenGeneratePolicy(String apiContact, OptoutCheckPolicy policy, String policyParameterKey) {
-        _tokenGeneratePolicyCounters.computeIfAbsent(new Tuple.Tuple3<>(apiContact, policy, policyParameterKey), triple -> Counter
-                .builder("uid2_token_generate_policy_usage_total")
-                .description("Counter for token generate policy usage")
-                .tags("api_contact", triple.getItem1(), "policy", String.valueOf(triple.getItem2()), "policy_parameter", triple.getItem3())
-                .register(Metrics.globalRegistry)).increment();
-    }
-
     private void recordTokenGenerateTCFUsage(String apiContact) {
         _tokenGenerateTCFUsage.computeIfAbsent(apiContact, contact -> Counter
                 .builder("uid2_token_generate_tcf_usage_total")
diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
index 835d76d91..116909fff 100644
--- a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
+++ b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
@@ -153,11 +153,6 @@ void deployVerticle(Vertx vertx, VertxTestContext testContext, TestInfo testInfo
 
         setupConfig(config);
         runtimeConfig = setupRuntimeConfig(config);
-        // TODO: Remove this when we remove tokenGenerateOptOutTokenWithDisableOptoutTokenFF test
-        if (testInfo.getTestMethod().isPresent() &&
-                testInfo.getTestMethod().get().getName().equals("tokenGenerateOptOutTokenWithDisableOptoutTokenFF")) {
-            config.put(Const.Config.DisableOptoutTokenProp, true);
-        }
         if (testInfo.getDisplayName().equals("cstgNoPhoneSupport(Vertx, VertxTestContext)")) {
             config.put("enable_phone_support", false);
         }
@@ -201,7 +196,6 @@ private void setupConfig(JsonObject config) {
         config.put(Const.Config.AllowClockSkewSecondsProp, 3600);
         config.put(Const.Config.OptOutStatusApiEnabled, true);
         config.put(Const.Config.OptOutStatusMaxRequestSize, optOutStatusMaxRequestSize);
-        config.put(Const.Config.DisableOptoutTokenProp, false);
         config.put(Const.Config.ConfigScanPeriodMsProp, 10000);
     }
 
@@ -1366,47 +1360,6 @@ void v3IdentityMapOutdatedRefreshFrom(Vertx vertx, VertxTestContext testContext)
         });
     }
 
-    @Test
-    void tokenGenerateNewClientNoPolicySpecified(Vertx vertx, VertxTestContext testContext) {
-        final int clientSiteId = 201;
-        fakeAuth(clientSiteId, newClientCreationDateTime, Role.GENERATOR);
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put("email", "test@email.com");
-
-        sendTokenGenerate(vertx, v2Payload, 400,
-                json -> {
-                    assertFalse(json.containsKey("body"));
-                    assertEquals("client_error", json.getString("status"));
-                    assertEquals("Required opt-out policy argument for token/generate is missing or not set to 1", json.getString("message"));
-                    testContext.completeNow();
-                });
-    }
-
-    @ParameterizedTest
-    @ValueSource(strings = {"policy", "optout_check"})
-    void tokenGenerateNewClientWrongPolicySpecified(String policyParamterKey, Vertx vertx, VertxTestContext testContext) {
-        final int clientSiteId = 201;
-        fakeAuth(clientSiteId, newClientCreationDateTime, Role.GENERATOR);
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put("email", "test@email.com");
-        v2Payload.put(policyParamterKey, OptoutCheckPolicy.DoNotRespect.policy);
-
-        sendTokenGenerate(vertx,
-                v2Payload, 400,
-                json -> {
-                    assertFalse(json.containsKey("body"));
-                    assertEquals("client_error", json.getString("status"));
-                    assertEquals("Required opt-out policy argument for token/generate is missing or not set to 1", json.getString("message"));
-                    testContext.completeNow();
-                });
-    }
-
     @Test
     void tokenGenerateNewClientNoPolicySpecifiedOlderKeySuccessful(Vertx vertx, VertxTestContext testContext) {
         ClientKey newClientKey = new ClientKey(
@@ -1489,130 +1442,6 @@ void tokenGenerateNewClientWrongPolicySpecifiedOlderKeySuccessful(String policyP
                 });
     }
 
-    @ParameterizedTest // TODO: remove test after optout check phase 3
-    @CsvSource({
-            "policy,someoptout@example.com,Email",
-            "policy,+01234567890,Phone",
-            "optout_check,someoptout@example.com,Email",
-            "optout_check,+01234567890,Phone"
-    })
-    void tokenGenerateOptOutToken(String policyParameterKey, String identity, IdentityType identityType,
-                                  Vertx vertx, VertxTestContext testContext) {
-        ClientKey oldClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime.minusSeconds(5),
-                Set.of(Role.GENERATOR),
-                201,
-                null
-        );
-        when(clientKeyProvider.get(any())).thenReturn(oldClientKey);
-        when(clientKeyProvider.getClientKey(any())).thenReturn(oldClientKey);
-        when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
-        when(this.optOutStore.getLatestEntry(any())).thenReturn(Instant.now());
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put(identityType.name().toLowerCase(), identity);
-        v2Payload.put(policyParameterKey, OptoutCheckPolicy.DoNotRespect.policy);
-
-        sendTokenGenerate(vertx,
-                v2Payload, 200,
-                json -> {
-                    InputUtil.InputVal optOutTokenInput = identityType == IdentityType.Email ?
-                            InputUtil.InputVal.validEmail(OptOutTokenIdentityForEmail, OptOutTokenIdentityForEmail) :
-                            InputUtil.InputVal.validPhone(OptOutIdentityForPhone, OptOutTokenIdentityForPhone);
-
-                    assertEquals("success", json.getString("status"));
-
-                    JsonObject body = json.getJsonObject("body");
-                    assertNotNull(body);
-
-                    decodeV2RefreshToken(json);
-
-                    AdvertisingToken advertisingToken = validateAndGetToken(encoder, body, identityType);
-                    RefreshToken refreshToken = encoder.decodeRefreshToken(body.getString("decrypted_refresh_token"));
-                    final byte[] advertisingId = getAdvertisingIdFromIdentity(identityType,
-                            optOutTokenInput.getNormalized(),
-                            firstLevelSalt,
-                            rotatingSalt123.currentSalt());
-                    final byte[] firstLevelHash = TokenUtils.getFirstLevelHashFromIdentity(optOutTokenInput.getNormalized(), firstLevelSalt);
-                    assertArrayEquals(advertisingId, advertisingToken.userIdentity.id);
-                    assertArrayEquals(firstLevelHash, refreshToken.userIdentity.id);
-
-                    assertFalse(PrivacyBits.fromInt(advertisingToken.userIdentity.privacyBits).isClientSideTokenGenerated());
-                    assertTrue(PrivacyBits.fromInt(advertisingToken.userIdentity.privacyBits).isClientSideTokenOptedOut());
-
-                    assertTokenStatusMetrics(
-                            201,
-                            TokenResponseStatsCollector.Endpoint.GenerateV2,
-                            TokenResponseStatsCollector.ResponseStatus.Success,
-                            TokenResponseStatsCollector.PlatformType.Other);
-
-                    sendTokenRefresh(vertx, testContext, body.getString("refresh_token"), body.getString("refresh_response_key"), 200, refreshRespJson -> {
-                        assertEquals("optout", refreshRespJson.getString("status"));
-                        JsonObject refreshBody = refreshRespJson.getJsonObject("body");
-                        assertNull(refreshBody);
-                        assertTokenStatusMetrics(
-                                201,
-                                TokenResponseStatsCollector.Endpoint.RefreshV2,
-                                TokenResponseStatsCollector.ResponseStatus.OptOut,
-                                TokenResponseStatsCollector.PlatformType.InApp);
-                        testContext.completeNow();
-                    }, Map.of(ClientVersionHeader, tvosClientVersionHeaderValue));
-                });
-    }
-
-    @ParameterizedTest // TODO: remove test after optout check phase 3
-    @CsvSource({
-            "policy,someoptout@example.com,Email",
-            "policy,+01234567890,Phone",
-            "optout_check,someoptout@example.com,Email",
-            "optout_check,+01234567890,Phone"
-    })
-    void tokenGenerateOptOutTokenWithDisableOptoutTokenFF(String policyParameterKey, String identity, IdentityType identityType,
-                                                          Vertx vertx, VertxTestContext testContext) {
-        ClientKey oldClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime.minusSeconds(5),
-                Set.of(Role.GENERATOR),
-                201,
-                null
-        );
-        when(clientKeyProvider.get(any())).thenReturn(oldClientKey);
-        when(clientKeyProvider.getClientKey(any())).thenReturn(oldClientKey);
-        when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
-        when(this.optOutStore.getLatestEntry(any())).thenReturn(Instant.now());
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put(identityType.name().toLowerCase(), identity);
-        v2Payload.put(policyParameterKey, OptoutCheckPolicy.DoNotRespect.policy);
-
-        sendTokenGenerate(vertx,
-                v2Payload, 200,
-                json -> {
-                    assertEquals("optout", json.getString("status"));
-
-                    decodeV2RefreshToken(json);
-
-                    assertTokenStatusMetrics(
-                            201,
-                            TokenResponseStatsCollector.Endpoint.GenerateV2,
-                            TokenResponseStatsCollector.ResponseStatus.OptOut,
-                            TokenResponseStatsCollector.PlatformType.Other);
-
-                    testContext.completeNow();
-                });
-    }
-
     @ParameterizedTest
     @CsvSource({
             "true,text/plain",

From d8c09fc7c3247736fc340ba33fcf7ec534e5fe68 Mon Sep 17 00:00:00 2001
From: Samin Rahman <samin.rahman@thetradedesk.com>
Date: Mon, 19 Jan 2026 10:47:49 +1100
Subject: [PATCH 5/6] Removed OptoutCheckPolicy, its references and modified
 related tests

---
 .../uid2/operator/model/IdentityRequest.java  |   7 -
 .../com/uid2/operator/model/MapRequest.java   |   7 -
 .../operator/model/OptoutCheckPolicy.java     |  27 --
 .../operator/service/UIDOperatorService.java  |   4 +-
 .../operator/vertx/UIDOperatorVerticle.java   |   5 -
 .../uid2/operator/UIDOperatorServiceTest.java | 147 ++--------
 .../operator/UIDOperatorVerticleTest.java     | 276 +-----------------
 .../benchmark/IdentityMapBenchmark.java       |   2 +-
 .../benchmark/TokenEndecBenchmark.java        |   2 -
 9 files changed, 37 insertions(+), 440 deletions(-)
 delete mode 100644 src/main/java/com/uid2/operator/model/OptoutCheckPolicy.java

diff --git a/src/main/java/com/uid2/operator/model/IdentityRequest.java b/src/main/java/com/uid2/operator/model/IdentityRequest.java
index 4a91f1e55..2bf2ee8b1 100644
--- a/src/main/java/com/uid2/operator/model/IdentityRequest.java
+++ b/src/main/java/com/uid2/operator/model/IdentityRequest.java
@@ -3,21 +3,14 @@
 public final class IdentityRequest {
     public final PublisherIdentity publisherIdentity;
     public final UserIdentity userIdentity;
-    public final OptoutCheckPolicy optoutCheckPolicy;
     public final IdentityEnvironment identityEnvironment;
 
     public IdentityRequest(
             PublisherIdentity publisherIdentity,
             UserIdentity userIdentity,
-            OptoutCheckPolicy tokenGeneratePolicy,
             IdentityEnvironment identityEnvironment) {
         this.publisherIdentity = publisherIdentity;
         this.userIdentity = userIdentity;
-        this.optoutCheckPolicy = tokenGeneratePolicy;
         this.identityEnvironment = identityEnvironment;
     }
-
-    public boolean shouldCheckOptOut() {
-        return optoutCheckPolicy.equals(OptoutCheckPolicy.RespectOptOut);
-    }
 }
diff --git a/src/main/java/com/uid2/operator/model/MapRequest.java b/src/main/java/com/uid2/operator/model/MapRequest.java
index 22debc6b9..1d70c7ba3 100644
--- a/src/main/java/com/uid2/operator/model/MapRequest.java
+++ b/src/main/java/com/uid2/operator/model/MapRequest.java
@@ -4,22 +4,15 @@
 
 public final class MapRequest {
     public final UserIdentity userIdentity;
-    public final OptoutCheckPolicy optoutCheckPolicy;
     public final Instant asOf;
     public final IdentityEnvironment identityEnvironment;
 
     public MapRequest(
             UserIdentity userIdentity,
-            OptoutCheckPolicy optoutCheckPolicy,
             Instant asOf,
             IdentityEnvironment identityEnvironment) {
         this.userIdentity = userIdentity;
-        this.optoutCheckPolicy = optoutCheckPolicy;
         this.asOf = asOf;
         this.identityEnvironment = identityEnvironment;
     }
-
-    public boolean shouldCheckOptOut() {
-        return optoutCheckPolicy.equals(OptoutCheckPolicy.RespectOptOut);
-    }
 }
diff --git a/src/main/java/com/uid2/operator/model/OptoutCheckPolicy.java b/src/main/java/com/uid2/operator/model/OptoutCheckPolicy.java
deleted file mode 100644
index 524b1619d..000000000
--- a/src/main/java/com/uid2/operator/model/OptoutCheckPolicy.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package com.uid2.operator.model;
-
-import com.uid2.operator.vertx.ClientInputValidationException;
-
-public enum OptoutCheckPolicy {
-    DoNotRespect(0),
-    RespectOptOut(1);
-
-    public final int policy;
-    OptoutCheckPolicy(int policy) { this.policy = policy; }
-
-    public static OptoutCheckPolicy fromValue(int value) {
-        switch (value) {
-            case 0: return DoNotRespect;
-            case 1: return RespectOptOut;
-            default: throw new ClientInputValidationException("Invalid value for OptoutCheckPolicy: " + value);
-        }
-    }
-
-    public static OptoutCheckPolicy defaultPolicy() {
-        return DoNotRespect;
-    }
-
-    public static OptoutCheckPolicy respectOptOut() {
-        return RespectOptOut;
-    }
-}
diff --git a/src/main/java/com/uid2/operator/service/UIDOperatorService.java b/src/main/java/com/uid2/operator/service/UIDOperatorService.java
index e06cf5bb1..9662dc59d 100644
--- a/src/main/java/com/uid2/operator/service/UIDOperatorService.java
+++ b/src/main/java/com/uid2/operator/service/UIDOperatorService.java
@@ -102,7 +102,7 @@ public IdentityTokens generateIdentity(IdentityRequest request, Duration refresh
                 request.userIdentity.identityScope, request.userIdentity.identityType, firstLevelHash, request.userIdentity.privacyBits,
                 request.userIdentity.establishedAt, request.userIdentity.refreshedAt);
 
-        if (request.shouldCheckOptOut() && getGlobalOptOutResult(firstLevelHashIdentity, false).isOptedOut()) {
+        if (getGlobalOptOutResult(firstLevelHashIdentity, false).isOptedOut()) {
             return IdentityTokens.LogoutToken;
         } else {
             return this.generateIdentity(request.publisherIdentity, firstLevelHashIdentity, refreshIdentityAfter, refreshExpiresAfter, identityExpiresAfter, request.identityEnvironment);
@@ -153,7 +153,7 @@ public RefreshResponse refreshIdentity(RefreshToken token, Duration refreshIdent
     @Override
     public MappedIdentity mapIdentity(MapRequest request) {
         final UserIdentity firstLevelHashIdentity = getFirstLevelHashIdentity(request.userIdentity, request.asOf);
-        if (request.shouldCheckOptOut() && getGlobalOptOutResult(firstLevelHashIdentity, false).isOptedOut()) {
+        if (getGlobalOptOutResult(firstLevelHashIdentity, false).isOptedOut()) {
             return MappedIdentity.LogoutIdentity;
         } else {
             return getMappedIdentity(firstLevelHashIdentity, request.asOf, request.identityEnvironment);
diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
index 41d44d0ff..539365919 100644
--- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
+++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -111,7 +111,6 @@ public class UIDOperatorVerticle extends AbstractVerticle {
     private final Map<String, DistributionSummary> _identityMapMetricSummaries = new HashMap<>();
     private final Map<Tuple.Tuple2<String, Boolean>, DistributionSummary> _refreshDurationMetricSummaries = new HashMap<>();
     private final Map<Tuple.Tuple3<String, Boolean, Boolean>, Counter> _advertisingTokenExpiryStatus = new HashMap<>();
-    private final Map<Tuple.Tuple3<String, OptoutCheckPolicy, String>, Counter> _tokenGeneratePolicyCounters = new HashMap<>();
     private final Map<String, Counter> _tokenGenerateTCFUsage = new HashMap<>();
     private final Map<String, Tuple.Tuple2<Counter, Counter>> _identityMapUnmappedIdentifiers = new HashMap<>();
     private final Map<String, Counter> _identityMapRequestWithUnmapped = new HashMap<>();
@@ -486,7 +485,6 @@ private void handleClientSideTokenGenerateImpl(RoutingContext rc) throws NoSuchA
                     new IdentityRequest(
                             new PublisherIdentity(clientSideKeypair.getSiteId(), 0, 0),
                             input.toUserIdentity(this.identityScope, privacyBits.getAsInt(), Instant.now()),
-                            OptoutCheckPolicy.RespectOptOut,
                             identityEnvironment
                     ),
                     refreshIdentityAfter,
@@ -947,7 +945,6 @@ private void handleTokenGenerateV2(RoutingContext rc) {
                         new IdentityRequest(
                                 new PublisherIdentity(siteId, 0, 0),
                                 input.toUserIdentity(this.identityScope, 1, Instant.now()),
-                                OptoutCheckPolicy.respectOptOut(),
                                 identityEnvironment),
                         refreshIdentityAfter,
                         refreshExpiresAfter,
@@ -1099,7 +1096,6 @@ private JsonObject handleIdentityMapCommon(RoutingContext rc, InputUtil.InputVal
                 final MappedIdentity mappedIdentity = idService.mapIdentity(
                         new MapRequest(
                                 input.toUserIdentity(this.identityScope, 0, now),
-                                OptoutCheckPolicy.respectOptOut(),
                                 now,
                                 env));
 
@@ -1154,7 +1150,6 @@ private JsonObject processIdentityMapV3Response(RoutingContext rc, Map<String, I
                     final MappedIdentity mappedId = idService.mapIdentity(
                             new MapRequest(
                                     rawId.toUserIdentity(this.identityScope, 0, now),
-                                    OptoutCheckPolicy.respectOptOut(),
                                     now,
                                     env));
 
diff --git a/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java b/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java
index e6e4d2d15..8356ffac2 100644
--- a/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java
+++ b/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java
@@ -193,7 +193,6 @@ void testGenerateAndRefresh(int siteId, TokenVersion tokenVersion) {
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(siteId, 124, 125),
                 createUserIdentity("test-email-hash", IdentityScope.UID2, IdentityType.Email),
-                OptoutCheckPolicy.DoNotRespect,
                 IdentityEnvironment.TEST
         );
         final IdentityTokens tokens = uid2Service.generateIdentity(
@@ -247,34 +246,6 @@ void testGenerateAndRefresh(int siteId, TokenVersion tokenVersion) {
         assertArrayEquals(refreshToken.userIdentity.id, refreshToken2.userIdentity.id);
     }
 
-    @Test
-    void testTestOptOutKey_DoNotRespectOptout() {
-        final InputUtil.InputVal inputVal = InputUtil.normalizeEmail(IdentityConst.OptOutIdentityForEmail);
-
-        final IdentityRequest identityRequest = new IdentityRequest(
-                new PublisherIdentity(123, 124, 125),
-                inputVal.toUserIdentity(IdentityScope.UID2, 0, this.now),
-                OptoutCheckPolicy.DoNotRespect,
-                IdentityEnvironment.TEST
-        );
-        final IdentityTokens tokens = uid2Service.generateIdentity(
-                identityRequest,
-                Duration.ofSeconds(REFRESH_IDENTITY_TOKEN_AFTER_SECONDS),
-                Duration.ofSeconds(REFRESH_TOKEN_EXPIRES_AFTER_SECONDS),
-                Duration.ofSeconds(IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS));
-        verify(shutdownHandler, atLeastOnce()).handleSaltRetrievalResponse(false);
-        verify(shutdownHandler, never()).handleSaltRetrievalResponse(true);
-        assertNotNull(tokens);
-        assertFalse(tokens.isEmptyToken());
-
-        final RefreshToken refreshToken = this.tokenEncoder.decodeRefreshToken(tokens.getRefreshToken());
-        assertEquals(RefreshResponse.Optout, uid2Service.refreshIdentity(
-                refreshToken,
-                Duration.ofSeconds(REFRESH_IDENTITY_TOKEN_AFTER_SECONDS),
-                Duration.ofSeconds(REFRESH_TOKEN_EXPIRES_AFTER_SECONDS),
-                Duration.ofSeconds(IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS),
-                IdentityEnvironment.TEST));
-    }
 
     @Test
     void testTestOptOutKey_RespectOptout() {
@@ -283,7 +254,6 @@ void testTestOptOutKey_RespectOptout() {
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
                 inputVal.toUserIdentity(IdentityScope.UID2, 0, this.now),
-                OptoutCheckPolicy.RespectOptOut,
                 IdentityEnvironment.TEST
         );
         final IdentityTokens tokens = uid2Service.generateIdentity(
@@ -297,14 +267,13 @@ void testTestOptOutKey_RespectOptout() {
     }
 
     @Test
-    void testTestOptOutKeyIdentityScopeMismatch() {
-        final String email = "optout@example.com";
+    void testTestIdentityScopeMismatch() {
+        final String email = "test@example.com";
         final InputUtil.InputVal inputVal = InputUtil.normalizeEmail(email);
 
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
                 inputVal.toUserIdentity(IdentityScope.EUID, 0, this.now),
-                OptoutCheckPolicy.DoNotRespect,
                 IdentityEnvironment.TEST
         );
         final IdentityTokens tokens = euidService.generateIdentity(
@@ -335,16 +304,9 @@ void testTestOptOutKeyIdentityScopeMismatch() {
     void testGenerateTokenForOptOutUser(IdentityType type, String identity, IdentityScope scope) {
         final UserIdentity userIdentity = createUserIdentity(identity, scope, type);
 
-        final IdentityRequest identityRequestForceGenerate = new IdentityRequest(
-                new PublisherIdentity(123, 124, 125),
-                userIdentity,
-                OptoutCheckPolicy.DoNotRespect,
-                IdentityEnvironment.TEST);
-
-        final IdentityRequest identityRequestRespectOptOut = new IdentityRequest(
+        final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
                 userIdentity,
-                OptoutCheckPolicy.RespectOptOut,
                 IdentityEnvironment.TEST);
 
         // the clock value shouldn't matter here
@@ -352,47 +314,24 @@ void testGenerateTokenForOptOutUser(IdentityType type, String identity, Identity
                 .thenReturn(Instant.now().minus(1, ChronoUnit.HOURS));
 
         final IdentityTokens tokens;
-        final AdvertisingToken advertisingToken;
-        final IdentityTokens tokensAfterOptOut;
         if (scope == IdentityScope.UID2) {
             tokens = uid2Service.generateIdentity(
-                    identityRequestForceGenerate,
-                    Duration.ofSeconds(REFRESH_IDENTITY_TOKEN_AFTER_SECONDS),
-                    Duration.ofSeconds(REFRESH_TOKEN_EXPIRES_AFTER_SECONDS),
-                    Duration.ofSeconds(IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS));
-            verify(shutdownHandler, atLeastOnce()).handleSaltRetrievalResponse(false);
-            verify(shutdownHandler, never()).handleSaltRetrievalResponse(true);
-            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), IdentityScope.UID2, userIdentity.identityType, identityRequestRespectOptOut.publisherIdentity.siteId);
-            reset(shutdownHandler);
-            tokensAfterOptOut = uid2Service.generateIdentity(
-                    identityRequestRespectOptOut,
+                    identityRequest,
                     Duration.ofSeconds(REFRESH_IDENTITY_TOKEN_AFTER_SECONDS),
                     Duration.ofSeconds(REFRESH_TOKEN_EXPIRES_AFTER_SECONDS),
                     Duration.ofSeconds(IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS));
-
         } else {
             tokens = euidService.generateIdentity(
-                    identityRequestForceGenerate,
-                    Duration.ofSeconds(REFRESH_IDENTITY_TOKEN_AFTER_SECONDS),
-                    Duration.ofSeconds(REFRESH_TOKEN_EXPIRES_AFTER_SECONDS),
-                    Duration.ofSeconds(IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS));
-            verify(shutdownHandler, atLeastOnce()).handleSaltRetrievalResponse(false);
-            verify(shutdownHandler, never()).handleSaltRetrievalResponse(true);
-            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), IdentityScope.EUID, userIdentity.identityType, identityRequestRespectOptOut.publisherIdentity.siteId);
-            reset(shutdownHandler);
-            tokensAfterOptOut = euidService.generateIdentity(
-                    identityRequestRespectOptOut,
+                    identityRequest,
                     Duration.ofSeconds(REFRESH_IDENTITY_TOKEN_AFTER_SECONDS),
                     Duration.ofSeconds(REFRESH_TOKEN_EXPIRES_AFTER_SECONDS),
                     Duration.ofSeconds(IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS));
         }
         verify(shutdownHandler, atLeastOnce()).handleSaltRetrievalResponse(false);
         verify(shutdownHandler, never()).handleSaltRetrievalResponse(true);
+        // Opt-out is always respected, so tokens should be empty for opted-out user
         assertNotNull(tokens);
-        assertNotNull(advertisingToken.userIdentity);
-        assertNotNull(tokensAfterOptOut);
-        assertTrue(tokensAfterOptOut.getAdvertisingToken() == null || tokensAfterOptOut.getAdvertisingToken().isEmpty());
-
+        assertTrue(tokens.getAdvertisingToken() == null || tokens.getAdvertisingToken().isEmpty());
     }
 
     @ParameterizedTest
@@ -404,15 +343,8 @@ void testIdentityMapForOptOutUser(IdentityType type, String identity, IdentitySc
         final UserIdentity userIdentity = createUserIdentity(identity, scope, type);
         final Instant now = Instant.now();
 
-        final MapRequest mapRequestForceMap = new MapRequest(
-                userIdentity,
-                OptoutCheckPolicy.DoNotRespect,
-                now,
-                IdentityEnvironment.TEST);
-
-        final MapRequest mapRequestRespectOptOut = new MapRequest(
+        final MapRequest mapRequest = new MapRequest(
                 userIdentity,
-                OptoutCheckPolicy.RespectOptOut,
                 now,
                 IdentityEnvironment.TEST);
 
@@ -421,26 +353,16 @@ void testIdentityMapForOptOutUser(IdentityType type, String identity, IdentitySc
                 .thenReturn(Instant.now().minus(1, ChronoUnit.HOURS));
 
         final MappedIdentity mappedIdentity;
-        final MappedIdentity mappedIdentityShouldBeOptOut;
         if (scope == IdentityScope.UID2) {
-            verify(shutdownHandler, atLeastOnce()).handleSaltRetrievalResponse(false);
-            verify(shutdownHandler, never()).handleSaltRetrievalResponse(true);
-            mappedIdentity = uid2Service.mapIdentity(mapRequestForceMap);
-            reset(shutdownHandler);
-            mappedIdentityShouldBeOptOut = uid2Service.mapIdentity(mapRequestRespectOptOut);
+            mappedIdentity = uid2Service.mapIdentity(mapRequest);
         } else {
-            verify(shutdownHandler, atLeastOnce()).handleSaltRetrievalResponse(false);
-            verify(shutdownHandler, never()).handleSaltRetrievalResponse(true);
-            mappedIdentity = euidService.mapIdentity(mapRequestForceMap);
-            reset(shutdownHandler);
-            mappedIdentityShouldBeOptOut = euidService.mapIdentity(mapRequestRespectOptOut);
+            mappedIdentity = euidService.mapIdentity(mapRequest);
         }
         verify(shutdownHandler, atLeastOnce()).handleSaltRetrievalResponse(false);
         verify(shutdownHandler, never()).handleSaltRetrievalResponse(true);
+        // Opt-out is always respected
         assertNotNull(mappedIdentity);
-        assertFalse(mappedIdentity.isOptedOut());
-        assertNotNull(mappedIdentityShouldBeOptOut);
-        assertTrue(mappedIdentityShouldBeOptOut.isOptedOut());
+        assertTrue(mappedIdentity.isOptedOut());
     }
 
     private enum TestIdentityInputType {
@@ -481,7 +403,6 @@ void testSpecialIdentityOptOutTokenGenerate(TestIdentityInputType type, String i
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.RespectOptOut,
                 IdentityEnvironment.TEST
         );
 
@@ -521,7 +442,6 @@ void testSpecialIdentityOptOutIdentityMap(TestIdentityInputType type, String id,
 
         final MapRequest mapRequestRespectOptOut = new MapRequest(
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.RespectOptOut,
                 now,
                 IdentityEnvironment.TEST);
 
@@ -541,24 +461,26 @@ void testSpecialIdentityOptOutIdentityMap(TestIdentityInputType type, String id,
     }
 
     @ParameterizedTest
-    @CsvSource({"Email,optout@example.com,UID2",
-            "EmailHash,optout@example.com,UID2",
-            "Email,optout@example.com,EUID",
-            "EmailHash,optout@example.com,EUID",
-            "Phone,+00000000000,UID2",
-            "PhoneHash,+00000000000,UID2",
-            "Phone,+00000000000,EUID",
-            "PhoneHash,+00000000000,EUID"})
-    void testSpecialIdentityOptOutTokenRefresh(TestIdentityInputType type, String id, IdentityScope scope) {
+    @CsvSource({"Email,user@example.com,UID2",
+            "EmailHash,user@example.com,UID2",
+            "Email,user@example.com,EUID",
+            "EmailHash,user@example.com,EUID",
+            "Phone,+15555550100,UID2",
+            "PhoneHash,+15555550100,UID2",
+            "Phone,+15555550100,EUID",
+            "PhoneHash,+15555550100,EUID"})
+    void testOptOutTokenRefresh(TestIdentityInputType type, String id, IdentityScope scope) {
         InputUtil.InputVal inputVal = generateInputVal(type, id);
 
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.DoNotRespect,
                 IdentityEnvironment.TEST
         );
 
+        // Mock optOutStore to return null (not opted out) during token generation
+        when(this.optOutStore.getLatestEntry(any())).thenReturn(null);
+
         IdentityTokens tokens;
         if (scope == IdentityScope.EUID) {
             tokens = euidService.generateIdentity(
@@ -578,8 +500,8 @@ void testSpecialIdentityOptOutTokenRefresh(TestIdentityInputType type, String id
         assertNotNull(tokens);
         assertNotEquals(IdentityTokens.LogoutToken, tokens);
 
-        // identity has no optout record, ensure refresh still returns optout
-        when(this.optOutStore.getLatestEntry(any())).thenReturn(null);
+        // Now mock optOutStore to return opted out for refresh
+        when(this.optOutStore.getLatestEntry(any())).thenReturn(Instant.now());
 
         final RefreshToken refreshToken = this.tokenEncoder.decodeRefreshToken(tokens.getRefreshToken());
         reset(shutdownHandler);
@@ -607,7 +529,6 @@ void testSpecialIdentityRefreshOptOutGenerate(TestIdentityInputType type, String
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.RespectOptOut,
                 IdentityEnvironment.TEST
         );
 
@@ -661,7 +582,6 @@ void testSpecialIdentityRefreshOptOutIdentityMap(TestIdentityInputType type, Str
 
         final MapRequest mapRequestRespectOptOut = new MapRequest(
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.RespectOptOut,
                 now,
                 IdentityEnvironment.TEST);
 
@@ -695,7 +615,6 @@ void testSpecialIdentityValidateGenerate(TestIdentityInputType type, String id,
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.RespectOptOut,
                 IdentityEnvironment.TEST
         );
 
@@ -739,7 +658,6 @@ void testSpecialIdentityValidateIdentityMap(TestIdentityInputType type, String i
 
         final MapRequest mapRequestRespectOptOut = new MapRequest(
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.RespectOptOut,
                 now,
                 IdentityEnvironment.TEST);
 
@@ -770,7 +688,6 @@ void testNormalIdentityOptIn(TestIdentityInputType type, String id, IdentityScop
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.DoNotRespect,
                 IdentityEnvironment.TEST
         );
         IdentityTokens tokens;
@@ -848,7 +765,6 @@ void testExpiredSaltsNotifiesShutdownHandler(TestIdentityInputType type, String
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.RespectOptOut,
                 IdentityEnvironment.TEST);
 
         IdentityTokens tokens;
@@ -891,7 +807,6 @@ void testExpiredSaltsNotifiesShutdownHandler(TestIdentityInputType type, String
 
         final MapRequest mapRequest = new MapRequest(
                 inputVal.toUserIdentity(scope, 0, this.now),
-                OptoutCheckPolicy.RespectOptOut,
                 now,
                 IdentityEnvironment.TEST);
         final MappedIdentity mappedIdentity;
@@ -920,7 +835,7 @@ void testMappedIdentityWithPreviousSaltReturnsPreviousUid() {
 
         var email = "test@uid.com";
         InputUtil.InputVal emailInput = generateInputVal(TestIdentityInputType.Email, email);
-        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now), OptoutCheckPolicy.RespectOptOut, now, IdentityEnvironment.TEST);
+        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now),  now, IdentityEnvironment.TEST);
 
         MappedIdentity mappedIdentity = uid2Service.mapIdentity(mapRequest);
 
@@ -943,7 +858,7 @@ void testMappedIdentityWithOutdatedPreviousSaltReturnsNoPreviousUid(long extraMs
 
         var email = "test@uid.com";
         InputUtil.InputVal emailInput = generateInputVal(TestIdentityInputType.Email, email);
-        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now), OptoutCheckPolicy.RespectOptOut, now, IdentityEnvironment.TEST);
+        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now),  now, IdentityEnvironment.TEST);
 
         MappedIdentity mappedIdentity = uid2Service.mapIdentity(mapRequest);
         var expectedCurrentUID = UIDOperatorVerticleTest.getRawUid(IdentityScope.UID2, IdentityType.Email, email, FIRST_LEVEL_SALT, salt.currentSalt(), uid2Config.getBoolean(IdentityV3Prop));
@@ -963,7 +878,7 @@ void testMappedIdentityWithNoPreviousSaltReturnsNoPreviousUid() {
 
         var email = "test@uid.com";
         InputUtil.InputVal emailInput = generateInputVal(TestIdentityInputType.Email, email);
-        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now), OptoutCheckPolicy.RespectOptOut, now, IdentityEnvironment.TEST);
+        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now),  now, IdentityEnvironment.TEST);
 
         MappedIdentity mappedIdentity = uid2Service.mapIdentity(mapRequest);
 
@@ -985,7 +900,7 @@ void testMappedIdentityWithValidRefreshFrom(int refreshFromDays) {
 
         var email = "test@uid.com";
         InputUtil.InputVal emailInput = generateInputVal(TestIdentityInputType.Email, email);
-        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now), OptoutCheckPolicy.RespectOptOut, now, IdentityEnvironment.TEST);
+        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now),  now, IdentityEnvironment.TEST);
 
         MappedIdentity mappedIdentity = uid2Service.mapIdentity(mapRequest);
 
@@ -1004,7 +919,7 @@ void testMappedIdentityWithOutdatedRefreshFrom() {
 
         var email = "test@uid.com";
         InputUtil.InputVal emailInput = generateInputVal(TestIdentityInputType.Email, email);
-        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now), OptoutCheckPolicy.RespectOptOut, now, IdentityEnvironment.TEST);
+        MapRequest mapRequest = new MapRequest(emailInput.toUserIdentity(IdentityScope.UID2, 0, this.now),  now, IdentityEnvironment.TEST);
 
         MappedIdentity mappedIdentity = uid2Service.mapIdentity(mapRequest);
 
diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
index 116909fff..8f2214498 100644
--- a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
+++ b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
@@ -735,8 +735,7 @@ private JsonObject setupIdentityMapServiceLinkTest() {
         setupSalts();
         setupKeys();
 
-        JsonObject req = createBatchEmailsRequestPayload();
-        req.put("optout_check", 1);
+        JsonObject req = createBatchEmailsRequestPayload();        
         return req;
     }
 
@@ -999,118 +998,6 @@ void fallbackToBase64DecodingIfBinaryEnvelopeDecodeFails(Vertx vertx, VertxTestC
         }, Map.of(HttpHeaders.CONTENT_TYPE.toString(), "application/octet-stream"), true);
     }
 
-    @ParameterizedTest
-    @ValueSource(strings = {"policy", "optout_check"})
-    void identityMapNewClientWrongPolicySpecified(String policyParameterKey, Vertx vertx, VertxTestContext testContext) {
-        final int clientSiteId = 201;
-        fakeAuth(clientSiteId, newClientCreationDateTime, Role.MAPPER);
-        setupSalts();
-        setupKeys();
-        // the clock value shouldn't matter here
-        when(optOutStore.getLatestEntry(any(UserIdentity.class)))
-                .thenReturn(now.minus(1, ChronoUnit.HOURS));
-        JsonObject req = new JsonObject();
-        JsonArray emails = new JsonArray();
-        emails.add("random-optout-user@email.io");
-        req.put("email", emails);
-        req.put(policyParameterKey, OptoutCheckPolicy.DoNotRespect.policy);
-
-        send(vertx, "v2/identity/map", req, 200, respJson -> {
-            assertTrue(respJson.containsKey("body"));
-            assertFalse(respJson.containsKey("client_error"));
-            JsonArray unmappedArr = respJson.getJsonObject("body").getJsonArray("unmapped");
-            Assertions.assertEquals(1, unmappedArr.size());
-            Assertions.assertEquals(emails.getString(0), unmappedArr.getJsonObject(0).getString("identifier"));
-            Assertions.assertEquals("optout", unmappedArr.getJsonObject(0).getString("reason"));
-            testContext.completeNow();
-        });
-    }
-
-    @Deprecated // We don't need a test for different behavior of new vs legacy participants
-    @Test
-    void identityMapNewClientNoPolicySpecifiedOlderKeySuccessful(Vertx vertx, VertxTestContext testContext) {
-        ClientKey newClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime,
-                Set.of(Role.MAPPER),
-                201,
-                null
-        );
-        ClientKey oldClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime.minusSeconds(5),
-                Set.of(Role.MAPPER),
-                201,
-                null
-        );
-        when(clientKeyProvider.get(any())).thenReturn(newClientKey);
-        when(clientKeyProvider.getClientKey(any())).thenReturn(newClientKey);
-        when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
-        setupSalts();
-        setupKeys();
-
-        JsonObject req = new JsonObject();
-        JsonArray emails = new JsonArray();
-        req.put("email", emails);
-        emails.add("test1@uid2.com");
-        // policy parameter not passed but will still succeed as old participant
-
-        send(vertx, "v2/identity/map", req, 200, respJson -> {
-            assertTrue(respJson.containsKey("body"));
-            assertEquals("success", respJson.getString("status"));
-            testContext.completeNow();
-        });
-    }
-
-    @Deprecated // We don't need a test for different behavior of new vs legacy participants
-    @ParameterizedTest
-    @ValueSource(strings = {"policy", "optout_check"})
-    void identityMapNewClientWrongPolicySpecifiedOlderKeySuccessful(String policyParameterKey, Vertx vertx, VertxTestContext testContext) {
-        ClientKey newClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime,
-                Set.of(Role.MAPPER),
-                201,
-                null
-        );
-        ClientKey oldClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime.minusSeconds(5),
-                Set.of(Role.MAPPER),
-                201,
-                null
-        );
-        when(clientKeyProvider.get(any())).thenReturn(newClientKey);
-        when(clientKeyProvider.getClientKey(any())).thenReturn(newClientKey);
-        when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
-        setupSalts();
-        setupKeys();
-
-        JsonObject req = new JsonObject();
-        JsonArray emails = new JsonArray();
-        req.put("email", emails);
-        req.put(policyParameterKey, OptoutCheckPolicy.DoNotRespect.policy);
-
-        emails.add("test1@uid2.com");
-
-        send(vertx, "v2/identity/map", req, 200, respJson -> {
-            assertTrue(respJson.containsKey("body"));
-            assertEquals("success", respJson.getString("status"));
-            testContext.completeNow();
-        });
-    }
 
     @ParameterizedTest
     @CsvSource({
@@ -1360,87 +1247,7 @@ void v3IdentityMapOutdatedRefreshFrom(Vertx vertx, VertxTestContext testContext)
         });
     }
 
-    @Test
-    void tokenGenerateNewClientNoPolicySpecifiedOlderKeySuccessful(Vertx vertx, VertxTestContext testContext) {
-        ClientKey newClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime,
-                Set.of(Role.GENERATOR),
-                201,
-                null
-        );
-        ClientKey oldClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime.minusSeconds(5),
-                Set.of(Role.GENERATOR),
-                201,
-                null
-        );
-        when(clientKeyProvider.get(any())).thenReturn(newClientKey);
-        when(clientKeyProvider.getClientKey(any())).thenReturn(newClientKey);
-        when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put("email", "test@email.com");
-
-        sendTokenGenerate(vertx,
-                v2Payload, 200,
-                json -> {
-                    assertTrue(json.containsKey("body"));
-                    assertEquals("success", json.getString("status"));
-                    testContext.completeNow();
-                });
-    }
-
-    @ParameterizedTest
-    @ValueSource(strings = {"policy", "optout_check"})
-    void tokenGenerateNewClientWrongPolicySpecifiedOlderKeySuccessful(String policyParameterKey, Vertx vertx, VertxTestContext testContext) {
-        ClientKey newClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime,
-                Set.of(Role.GENERATOR),
-                201,
-                null
-        );
-        ClientKey oldClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime.minusSeconds(5),
-                Set.of(Role.GENERATOR),
-                201,
-                null
-        );
-        when(clientKeyProvider.get(any())).thenReturn(newClientKey);
-        when(clientKeyProvider.getClientKey(any())).thenReturn(newClientKey);
-        when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put("email", "test@email.com");
-        v2Payload.put(policyParameterKey, OptoutCheckPolicy.DoNotRespect.policy);
-
-        sendTokenGenerate(vertx,
-                v2Payload, 200,
-                json -> {
-                    assertTrue(json.containsKey("body"));
-                    assertEquals("success", json.getString("status"));
-                    testContext.completeNow();
-                });
-    }
+   
 
     @ParameterizedTest
     @CsvSource({
@@ -1676,7 +1483,6 @@ void tokenGenerateThenRefreshNoActiveKey(Vertx vertx, VertxTestContext testConte
 
         JsonObject v2Payload = new JsonObject();
         v2Payload.put("email", "test@email.com");
-        v2Payload.put("optout_check", 1);
 
         sendTokenGenerate(vertx,
                 v2Payload, 200,
@@ -1895,7 +1701,6 @@ void tokenGenerateNoActiveKey(Vertx vertx, VertxTestContext testContext) {
 
         JsonObject v2Payload = new JsonObject();
         v2Payload.put("email", "test@email.com");
-        v2Payload.put("optout_check", 1);
 
         sendTokenGenerate(vertx,
                 v2Payload, 500,
@@ -3085,43 +2890,6 @@ void identityMapBatchRequestTooLargeForPhone(Vertx vertx, VertxTestContext testC
         send(vertx, "v2/identity/map", req, 413, json -> testContext.completeNow());
     }
 
-    @ParameterizedTest
-    @CsvSource({
-            "true,policy",
-            "true,optout_check",
-
-            "false,policy",
-            "false,optout_check"
-    })
-    void tokenGenerateRespectOptOutOption(boolean useV4Uid, String policyParameterKey, Vertx vertx, VertxTestContext testContext) {
-        final int clientSiteId = 201;
-        fakeAuth(clientSiteId, Role.GENERATOR);
-        setupKeys();
-        setupSalts(useV4Uid);
-
-        // the clock value shouldn't matter here
-        when(optOutStore.getLatestEntry(any(UserIdentity.class)))
-                .thenReturn(now.minus(1, ChronoUnit.HOURS));
-
-        JsonObject req = new JsonObject();
-        req.put("email", "random-optout-user@email.io");
-        req.put(policyParameterKey, 1);
-
-        // for EUID
-        addAdditionalTokenGenerateParams(req);
-
-        send(vertx, "v2/token/generate", req, 200, json -> {
-            try {
-                Assertions.assertEquals(ResponseUtil.ResponseStatus.OptOut, json.getString("status"));
-                Assertions.assertNull(json.getJsonObject("body"));
-                assertTokenStatusMetrics(clientSiteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.OptOut, TokenResponseStatsCollector.PlatformType.Other);
-                testContext.completeNow();
-            } catch (Exception e) {
-                testContext.failNow(e);
-            }
-        });
-    }
-
     @ParameterizedTest
     @ValueSource(booleans = {true, false})
     void identityMapOptoutDefaultOption(boolean useV4Uid, Vertx vertx, VertxTestContext testContext) {
@@ -3154,43 +2922,6 @@ void identityMapOptoutDefaultOption(boolean useV4Uid, Vertx vertx, VertxTestCont
         });
     }
 
-    @ParameterizedTest
-    @CsvSource({
-            "true,policy",
-            "true,optout_check",
-
-            "false,policy",
-            "false,optout_check"
-    })
-    void identityMapRespectOptOutOption(boolean useV4Uid, String policyParameterKey, Vertx vertx, VertxTestContext testContext) {
-        final int clientSiteId = 201;
-        fakeAuth(clientSiteId, Role.MAPPER);
-        setupKeys();
-        setupSalts(useV4Uid);
-
-        // the clock value shouldn't matter here
-        when(optOutStore.getLatestEntry(any(UserIdentity.class)))
-                .thenReturn(now.minus(1, ChronoUnit.HOURS));
-
-        JsonObject req = new JsonObject();
-        JsonArray emails = new JsonArray();
-        emails.add("random-optout-user@email.io");
-        req.put("email", emails);
-        req.put(policyParameterKey, 1);
-
-        send(vertx, "v2/identity/map", req, 200, json -> {
-            try {
-                Assertions.assertTrue(json.getJsonObject("body").getJsonArray("mapped").isEmpty());
-                Assertions.assertEquals(1, json.getJsonObject("body").getJsonArray("unmapped").size());
-                Assertions.assertEquals("random-optout-user@email.io", json.getJsonObject("body").getJsonArray("unmapped").getJsonObject(0).getString("identifier"));
-                Assertions.assertEquals("optout", json.getJsonObject("body").getJsonArray("unmapped").getJsonObject(0).getString("reason"));
-                testContext.completeNow();
-            } catch (Exception e) {
-                testContext.failNow(e);
-            }
-        });
-    }
-
     @Test
     void requestWithoutClientKeyOrReferer(Vertx vertx, VertxTestContext testContext) {
         final String emailAddress = "test@uid2.com";
@@ -4291,8 +4022,7 @@ void cstgInvalidInput(String identityType, String rawUID, Vertx vertx, VertxTest
         setupKeys(true);
 
         JsonObject identity = new JsonObject();
-        identity.put(identityType, getSha256(rawUID) + getSha256(rawUID));
-        identity.put("optout_check", 1);
+        identity.put(identityType, getSha256(rawUID) + getSha256(rawUID));    
         Tuple.Tuple2<JsonObject, SecretKey> data = createClientSideTokenGenerateRequestWithPayload(identity, Instant.now().toEpochMilli(), null);
 
         sendCstg(vertx,
diff --git a/src/test/java/com/uid2/operator/benchmark/IdentityMapBenchmark.java b/src/test/java/com/uid2/operator/benchmark/IdentityMapBenchmark.java
index a897755d9..185bc8a53 100644
--- a/src/test/java/com/uid2/operator/benchmark/IdentityMapBenchmark.java
+++ b/src/test/java/com/uid2/operator/benchmark/IdentityMapBenchmark.java
@@ -127,7 +127,7 @@ public MappedIdentity IdentityMapRawThroughput() {
     @BenchmarkMode(Mode.Throughput)
     public MappedIdentity IdentityMapWithOptOutThroughput() {
         return uidService.mapIdentity(
-                new MapRequest(userIdentities[(idx++) & 65535], OptoutCheckPolicy.RespectOptOut, Instant.now(), IdentityEnvironment.TEST)
+                new MapRequest(userIdentities[(idx++) & 65535], Instant.now(), IdentityEnvironment.TEST)
         );
     }
 
diff --git a/src/test/java/com/uid2/operator/benchmark/TokenEndecBenchmark.java b/src/test/java/com/uid2/operator/benchmark/TokenEndecBenchmark.java
index 2733d9cf3..e3e37b1a2 100644
--- a/src/test/java/com/uid2/operator/benchmark/TokenEndecBenchmark.java
+++ b/src/test/java/com/uid2/operator/benchmark/TokenEndecBenchmark.java
@@ -43,7 +43,6 @@ static IdentityTokens[] createAdvertisingTokens() {
                             new IdentityRequest(
                                     publisher,
                                     userIdentities[i],
-                                    OptoutCheckPolicy.DoNotRespect,
                                     IdentityEnvironment.TEST),
                             Duration.ofSeconds(BenchmarkCommon.REFRESH_IDENTITY_TOKEN_AFTER_SECONDS),
                             Duration.ofSeconds(BenchmarkCommon.REFRESH_TOKEN_EXPIRES_AFTER_SECONDS),
@@ -59,7 +58,6 @@ public IdentityTokens TokenGenerationBenchmark() {
         return uidService.generateIdentity(new IdentityRequest(
                         publisher,
                         userIdentities[(idx++) & 65535],
-                        OptoutCheckPolicy.DoNotRespect,
                         IdentityEnvironment.TEST),
                 Duration.ofSeconds(BenchmarkCommon.REFRESH_IDENTITY_TOKEN_AFTER_SECONDS),
                 Duration.ofSeconds(BenchmarkCommon.REFRESH_TOKEN_EXPIRES_AFTER_SECONDS),

From e7bac4dca0c166e37868749c40ad93dbffbd5cf5 Mon Sep 17 00:00:00 2001
From: Samin Rahman <samin.rahman@thetradedesk.com>
Date: Tue, 20 Jan 2026 11:38:41 +1100
Subject: [PATCH 6/6] Removed reference to getOldestClientKey

---
 src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
index 8f2214498..d5590329c 100644
--- a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
+++ b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
@@ -221,7 +221,6 @@ protected void fakeAuth(int siteId, Instant created, Role... roles) {
         );
         when(clientKeyProvider.get(any())).thenReturn(clientKey);
         when(clientKeyProvider.getClientKey(any())).thenReturn(clientKey);
-        when(clientKeyProvider.getOldestClientKey(anyInt())).thenReturn(clientKey);
     }
 
     private void clearAuth() {