Returns the subset of the caller's authenticated session that is safe to surface to the client. A 200 confirms the JWT is still valid and the custom authorizer has accepted it; any other status (typically 401 from the authorizer) means the client should re-authenticate.

This endpoint runs no domain logic — it only reflects what the authorizer already decided. Use it as a cheap "am I still logged in?" probe on app resume or before a sensitive UI transition.