diff --git a/packages/engine-backend/router/_base.ts b/packages/engine-backend/router/_base.ts
index a58ef5d3..8395a885 100644
--- a/packages/engine-backend/router/_base.ts
+++ b/packages/engine-backend/router/_base.ts
@@ -43,9 +43,19 @@ export const trpc = initTRPC
     },
   })
 
-export const publicProcedure = trpc.procedure
+export const publicProcedure = trpc.procedure.use(
+  ({next, ctx, input, rawInput, meta, path}) => {
+    console.log('[trpc]', {
+      input,
+      rawInput,
+      meta,
+      path,
+    })
+    return next({ctx})
+  },
+)
 
-export const protectedProcedure = trpc.procedure.use(({next, ctx}) => {
+export const protectedProcedure = publicProcedure.use(({next, ctx}) => {
   if (!hasRole(ctx.viewer, ['end_user', 'user', 'org', 'system'])) {
     throw new TRPCError({
       code: ctx.viewer.role === 'anon' ? 'UNAUTHORIZED' : 'FORBIDDEN',
@@ -59,7 +69,7 @@ export const protectedProcedure = trpc.procedure.use(({next, ctx}) => {
   return next({ctx: {...ctx, viewer: ctx.viewer, asOrgIfNeeded, extEndUserId}})
 })
 
-export const adminProcedure = trpc.procedure.use(({next, ctx}) => {
+export const adminProcedure = publicProcedure.use(({next, ctx}) => {
   if (!hasRole(ctx.viewer, ['user', 'org', 'system'])) {
     throw new TRPCError({
       code: ctx.viewer.role === 'anon' ? 'UNAUTHORIZED' : 'FORBIDDEN',
@@ -68,7 +78,7 @@ export const adminProcedure = trpc.procedure.use(({next, ctx}) => {
   return next({ctx: {...ctx, viewer: ctx.viewer}})
 })
 
-export const systemProcedure = trpc.procedure.use(({next, ctx}) => {
+export const systemProcedure = publicProcedure.use(({next, ctx}) => {
   if (!hasRole(ctx.viewer, ['system'])) {
     throw new TRPCError({
       code: ctx.viewer.role === 'anon' ? 'UNAUTHORIZED' : 'FORBIDDEN',
diff --git a/packages/engine-backend/router/endUserRouter.ts b/packages/engine-backend/router/endUserRouter.ts
index 65a24d80..81005dbc 100644
--- a/packages/engine-backend/router/endUserRouter.ts
+++ b/packages/engine-backend/router/endUserRouter.ts
@@ -22,7 +22,7 @@ export {type inferProcedureInput} from '@trpc/server'
 
 export const zConnectTokenPayload = z.object({
   endUserId: zEndUserId
-    .optional()
+    .nullable()
     .describe(
       'Anything that uniquely identifies the end user that you will be sending the magic link to',
     ),
@@ -83,6 +83,7 @@ function asEndUser(
   viewer: Viewer,
   input: {endUserId?: EndUserId | null},
 ): Viewer<'end_user'> {
+  console.log('[asEndUser]', viewer, input)
   // Figure out a better way to share code here...
   if (!('orgId' in viewer) || !viewer.orgId) {
     throw new TRPCError({
@@ -122,11 +123,16 @@ export const endUserRouter = trpc.router({
     .meta({openapi: {method: 'POST', path: '/connect/token', tags}})
     .input(endUserRouterSchema.createConnectToken.input)
     .output(z.object({token: z.string()}))
-    .mutation(({input: {validityInSeconds, ...input}, ctx}) => ({
-      token: ctx.jwt.signViewer(asEndUser(ctx.viewer, input), {
+    .mutation(({input: {validityInSeconds, ...input}, ctx}) => {
+      console.log('[createConnectToken]', ctx.viewer, input, {
         validityInSeconds,
-      }),
-    })),
+      })
+      return {
+        token: ctx.jwt.signViewer(asEndUser(ctx.viewer, input), {
+          validityInSeconds,
+        }),
+      }
+    }),
   createMagicLink: protectedProcedure
     .meta({openapi: {method: 'POST', path: '/connect/magic-link', tags}})
     .input(endUserRouterSchema.createMagicLink.input)