W002: Get user
Returns the authenticated user's profile, their active-org context, and the list of every org they belong to. Triggered on app load. The L4 boundary uses the response to pick (or confirm) an active org via the X-Org-Id header on every subsequent request.
Steps
- Verify the Firebase token. Extract `firebaseUid` from the verified ID token. The shared auth middleware also resolves the active user-in-org row from the requested org (if any) and rejects if the requested org membership doesn't exist.
- Update last-login timestamp. Fire-and-forget call to `Platform.touchUserLastLogin(userId)`. Failure here is logged but never propagates; the workflow does not wait for completion.
- Load all orgs for this Firebase identity. Call `Platform.listOrganizationsForFirebaseUid(firebaseUid)`. Returns every active org the user belongs to with role and settings (joined in one query; no per-org `app.org_id` switching).
- Assemble the response. Merge the resolved active user row with the organizations list.
Returns
{ user: { id, orgId, firebaseUid, email, displayName, role, organizations: [...] } } plus a Cache-Control: no-store header so the response is never cached.
Business rules
- No tenant context required at entry. The auth middleware sets the active org from the `X-Org-Id` header if present, otherwise falls back to the user's oldest membership. The workflow itself does not assume `app.org_id` is already set.
- Cache-bypass response headers. This endpoint always returns `no-store, no-cache, must-revalidate, private`. Per-user identity must never be cached by intermediaries.
- Last-login is best-effort. If the timestamp update fails, the workflow still returns the user successfully.
Errors
NotFoundError. No `users` row exists for the verified Firebase identity in the requested org (or in any org if no `X-Org-Id` was supplied).
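The steps, business rules and error case above, worked through as an added example that is not the project's own code: it runs the W002 flow against an in-memory stand-in for `Platform`. The `Platform` method names come from the page; their signatures, the `NotFoundError` class, the membership rows and the assumption that token verification already happened upstream (so the function receives a verified `firebaseUid`) are all constructed for this example.

```javascript
// Added example, not the project's code: the W002 flow against an in-memory
// stand-in for Platform. Method names come from the page; their signatures,
// the NotFoundError class and the rows below are assumptions for this example.
class NotFoundError extends Error {}
const NO_STORE = 'no-store, no-cache, must-revalidate, private';

// Constructed sample data: one verified Firebase identity with two memberships.
const memberships = [
  { id: 'u-2', orgId: 'org-b', firebaseUid: 'fb-1', email: 'ann@example.test',
    displayName: 'Ann', role: 'admin', createdAt: '2024-03-01' },
  { id: 'u-1', orgId: 'org-a', firebaseUid: 'fb-1', email: 'ann@example.test',
    displayName: 'Ann', role: 'member', createdAt: '2023-01-01' },
];

const Platform = {
  async listOrganizationsForFirebaseUid(uid) {
    // Single joined query in the real system; here a filter over the sample rows.
    return memberships.filter((m) => m.firebaseUid === uid)
      .map(({ orgId, role }) => ({ id: orgId, role, settings: {} }));
  },
  async touchUserLastLogin(userId) {
    if (userId === 'u-2') throw new Error('simulated db timeout');
  },
};

// Mirrors the auth middleware: X-Org-Id selects the org when present,
// otherwise the oldest membership wins; no matching row is a NotFoundError.
function resolveActiveUser(firebaseUid, requestedOrgId) {
  const rows = memberships.filter((m) => m.firebaseUid === firebaseUid)
    .sort((a, b) => a.createdAt.localeCompare(b.createdAt));
  const row = requestedOrgId ? rows.find((m) => m.orgId === requestedOrgId) : rows[0];
  if (!row) {
    throw new NotFoundError(`no users row for ${firebaseUid} in ${requestedOrgId ?? 'any org'}`);
  }
  return row;
}

// Token verification is assumed done upstream; firebaseUid is the verified uid.
async function getUser(firebaseUid, requestedOrgId) {
  const active = resolveActiveUser(firebaseUid, requestedOrgId);
  // Best-effort last-login: start it, log a failure, never await or rethrow.
  Platform.touchUserLastLogin(active.id)
    .catch((e) => console.warn('last-login update failed:', e.message));
  const organizations = await Platform.listOrganizationsForFirebaseUid(firebaseUid);
  const { createdAt, ...user } = active; // drop the internal sort key
  return { status: 200, headers: { 'Cache-Control': NO_STORE },
           body: { user: { ...user, organizations } } };
}
```

Calling `getUser('fb-1', 'org-b')` exercises the failing last-login path and still returns the user; omitting the org id falls back to the oldest membership (`org-a`).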