.sisyphus/evidence/final-qa/s54-unauthorized-tenant.json

{"error":"User is not a member of tenant 99999999-9999-9999-9999-999999999999"}
HTTP:403
fix: exempt /api/clubs/me from tenant validation - Add path exemption in TenantValidationMiddleware for /api/clubs/me - Change authorization policy from RequireMember to RequireViewer - Fix KEYCLOAK_CLIENT_ID in docker-compose.yml (workclub-app not workclub-api) - Endpoint now works without X-Tenant-Id header as intended - Other endpoints still protected by tenant validation This fixes the chicken-and-egg problem where frontend needs to call /api/clubs/me to discover available clubs before selecting a tenant. 2026-03-05 21:32:37 +01:00			`{"error":"User is not a member of tenant 99999999-9999-9999-9999-999999999999"}`
			`HTTP:403`