Refactor: Add logging for getUser() failure

supabase/functions/process-selective-approval/index.ts

@@ -68,15 +68,46 @@ serve(async (req) => {
     });
 
     // Verify JWT and get authenticated user
+    console.log('🔍 [AUTH DEBUG] Attempting getUser()...', {
+      hasAuthHeader: !!authHeader,
+      authHeaderLength: authHeader?.length,
+      authHeaderPrefix: authHeader?.substring(0, 20) + '...',
+      supabaseUrl,
+      timestamp: new Date().toISOString()
+    });
+
     const { data: { user }, error: authError } = await supabaseAuth.auth.getUser();
+    
+    console.log('🔍 [AUTH DEBUG] getUser() result:', {
+      hasUser: !!user,
+      userId: user?.id,
+      userEmail: user?.email,
+      hasError: !!authError,
+      errorMessage: authError?.message,
+      errorName: authError?.name,
+      errorStatus: authError?.status,
+      errorCode: authError?.code
+    });
+
     if (authError || !user) {
-      console.error('Auth verification failed:', authError);
+      console.error('❌ [AUTH DEBUG] Auth verification failed:', {
+        error: authError,
+        errorDetails: JSON.stringify(authError),
+        authHeaderPresent: !!authHeader,
+        authHeaderSample: authHeader?.substring(0, 30) + '...'
+      });
       return new Response(
-        JSON.stringify({ error: 'Invalid authentication token.' }),
+        JSON.stringify({ 
+          error: 'Invalid authentication token.',
+          details: authError?.message || 'No user found',
+          code: authError?.code
+        }),
         { status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
       );
     }
     
+    console.log('✅ [AUTH DEBUG] Authentication successful for user:', user.id);
+    
     // SECURITY NOTE: Service role key used later in this function
     // Reason: Need to bypass RLS to write approved changes to entity tables
     // (parks, rides, companies, ride_models) which have RLS policies