diff --git a/example/frontend/src/app/backend-api.service.ts b/example/frontend/src/app/backend-api.service.ts
index a4afbdc..fcfe672 100644
--- a/example/frontend/src/app/backend-api.service.ts
+++ b/example/frontend/src/app/backend-api.service.ts
@@ -174,6 +174,8 @@ export class BackendApiService {
   }
 
   jwtPost(endpoint: string, path: string, publicKey: string, body: any): Observable<any> {
+    // TODO - we may not need this method
+    // see notes in: (identity) src/app/identity.service.ts
     const request = this.identityService.jwt({
       ...this.identityService.identityServiceParamsForKey(publicKey),
     });
diff --git a/src/app/identity.service.ts b/src/app/identity.service.ts
index fbcc90a..139d3bb 100644
--- a/src/app/identity.service.ts
+++ b/src/app/identity.service.ts
@@ -96,6 +96,12 @@ export class IdentityService {
   }
 
   private handleJwt(data: any): void {
+    // Give a permission token that expires in 10 minutes. DeSo apps use it for
+    // things like image uploading. Creation of this token is subject to same
+    // access level requirements as actions and transactions.
+    // TODO - make this work with LBRY. Or, nix it if we know we don't need it.
+    // Perhaps this will actually *be* our "actions"?
+
     if (!this.approve(data, AccessLevel.ApproveAll)) {
       return;
     }