W001: Create user
Creates the platform user record the first time someone authenticates with Firebase. Triggered from the Login or OrgSignup page on a user's first load and idempotent on subsequent calls. Also returns any pending invitations addressed to the user's email so the next page can prompt them to accept.
Steps
-
Verify the Firebase token. Extract
firebaseUid,email, and display name from the verified ID token. Reject if the token is invalid or the email claim is missing. -
Look up the existing user. Call
Platform.getUserByFirebaseUid. If a row already exists, skip creation; creating the user record is idempotent for repeat first-loads. -
Create the platform user. When no row exists, call
Platform.createUserwith the Firebase identity fields. -
List pending invitations. Call
Platform.listInvitationsByEmail(email, ['pending'])so the caller can chain into the Accept invitation flow if anything is waiting.
Returns
The platform user record (new or existing) plus any pending invitations addressed to the user's email.
Business rules
- Idempotent on repeat calls. A second create-user call for the same Firebase identity returns the existing user rather than failing or creating a duplicate.
- No organization is created. Creating the user record establishes the user only. Org creation is a separate workflow (W003) that the OrgSignup page chains immediately after when the user picked the "create my own org" path.
- Firebase UID uniqueness. Enforced at the table level by the L2
createUserop.
Errors
ValidationError. The Firebase token is invalid or the email claim is missing.