diff --git a/cmd/server/pactasrv/BUILD.bazel b/cmd/server/pactasrv/BUILD.bazel
index 485350e..40579e0 100644
--- a/cmd/server/pactasrv/BUILD.bazel
+++ b/cmd/server/pactasrv/BUILD.bazel
@@ -17,6 +17,6 @@ go_library(
         "//db",
         "//openapi:pacta_generated",
         "//pacta",
-        "@org_uber_go_zap//:zap",
+        "@com_github_go_chi_jwtauth_v5//:jwtauth",
     ],
 )
diff --git a/cmd/server/pactasrv/conv_pacta_to_oapi.go b/cmd/server/pactasrv/conv_pacta_to_oapi.go
index 95fecd7..2191082 100644
--- a/cmd/server/pactasrv/conv_pacta_to_oapi.go
+++ b/cmd/server/pactasrv/conv_pacta_to_oapi.go
@@ -26,17 +26,32 @@ func initiativeToOAPI(i *pacta.Initiative) (*api.Initiative, error) {
 	}, nil
 }
 
+func userToOAPI(user *pacta.User) (*api.User, error) {
+	if user == nil {
+		return nil, errorInternal(fmt.Errorf("userToOAPI: can't convert nil pointer"))
+	}
+	return &api.User{
+		Admin:             user.Admin,
+		CanonicalEmail:    &user.CanonicalEmail,
+		EnteredEmail:      user.EnteredEmail,
+		Id:                string(user.ID),
+		Name:              user.Name,
+		PreferredLanguage: api.UserPreferredLanguage(user.PreferredLanguage),
+		SuperAdmin:        user.SuperAdmin,
+	}, nil
+}
+
 func pactaVersionToOAPI(pv *pacta.PACTAVersion) (*api.PactaVersion, error) {
 	if pv == nil {
 		return nil, errorInternal(fmt.Errorf("pactaVersionToOAPI: can't convert nil pointer"))
 	}
 	return &api.PactaVersion{
+		CreatedAt:   pv.CreatedAt,
+		Description: pv.Description,
+		Digest:      pv.Digest,
 		Id:          string(pv.ID),
-		Name:        pv.Name,
 		IsDefault:   pv.IsDefault,
-		Digest:      pv.Digest,
-		Description: pv.Description,
-		CreatedAt:   pv.CreatedAt,
+		Name:        pv.Name,
 	}, nil
 }
 
diff --git a/cmd/server/pactasrv/error.go b/cmd/server/pactasrv/error.go
index d9f02cd..ee8508f 100644
--- a/cmd/server/pactasrv/error.go
+++ b/cmd/server/pactasrv/error.go
@@ -210,3 +210,6 @@ func (response apiError) VisitFindUserByIdResponse(w http.ResponseWriter) error
 func (response apiError) VisitUpdateUserResponse(w http.ResponseWriter) error {
 	return response.visit(w)
 }
+func (response apiError) VisitFindUserByMeResponse(w http.ResponseWriter) error {
+	return response.visit(w)
+}
diff --git a/cmd/server/pactasrv/pactasrv.go b/cmd/server/pactasrv/pactasrv.go
index f179e60..a476d4d 100644
--- a/cmd/server/pactasrv/pactasrv.go
+++ b/cmd/server/pactasrv/pactasrv.go
@@ -52,10 +52,9 @@ type DB interface {
 	CreatePortfolioInitiativeMembership(tx db.Tx, pim *pacta.PortfolioInitiativeMembership) error
 	DeletePortfolioInitiativeMembership(tx db.Tx, pid pacta.PortfolioID, iid pacta.InitiativeID) error
 
+	GetOrCreateUserByAuthn(tx db.Tx, authnMechanism pacta.AuthnMechanism, authnID, enteredEmail, canonicalEmail string) (*pacta.User, error)
 	User(tx db.Tx, id pacta.UserID) (*pacta.User, error)
-	UserByAuthn(tx db.Tx, authnMechanism pacta.AuthnMechanism, authnID string) (*pacta.User, error)
 	Users(tx db.Tx, ids []pacta.UserID) (map[pacta.UserID]*pacta.User, error)
-	CreateUser(tx db.Tx, u *pacta.User) (pacta.UserID, error)
 	UpdateUser(tx db.Tx, id pacta.UserID, mutations ...db.UpdateUserFn) error
 	DeleteUser(tx db.Tx, id pacta.UserID) error
 }
diff --git a/cmd/server/pactasrv/user.go b/cmd/server/pactasrv/user.go
index 28e59d1..48df0fd 100644
--- a/cmd/server/pactasrv/user.go
+++ b/cmd/server/pactasrv/user.go
@@ -2,8 +2,11 @@ package pactasrv
 
 import (
 	"context"
+	"fmt"
 
 	api "github.com/RMI/pacta/openapi/pacta"
+	"github.com/RMI/pacta/pacta"
+	"github.com/go-chi/jwtauth/v5"
 )
 
 // Returns a user by ID
@@ -50,3 +53,50 @@ func (s *Server) deleteUser(ctx context.Context, request api.DeleteUserRequestOb
 	// TODO(#12) Implement Authorization
 	return errorNotImplemented("deleteUser")
 }
+
+// Returns the logged in user
+// (GET /user/me)
+func (s *Server) FindUserByMe(ctx context.Context, request api.FindUserByMeRequestObject) (api.FindUserByMeResponseObject, error) {
+	user, err := s.findUserByMe(ctx, request)
+	if err != nil {
+		return errToAPIError(err)
+	}
+	return api.FindUserByMe200JSONResponse(*user), nil
+}
+
+func (s *Server) findUserByMe(ctx context.Context, request api.FindUserByMeRequestObject) (*api.User, error) {
+	token, _, err := jwtauth.FromContext(ctx)
+	if err != nil {
+		// TODO(grady) upgrade this to the new error handling strategy after #12
+		return nil, errorUnauthorized("lookup self", "without authorization token")
+	}
+	if token == nil {
+		return nil, errorUnauthorized("lookup self ", "without authorization token")
+	}
+	emailsClaim, ok := token.PrivateClaims()["emails"]
+	if !ok {
+		return nil, errorUnauthorized("lookup self", "without email claim in token")
+	}
+	emails, ok := emailsClaim.([]string)
+	if !ok || len(emails) == 0 {
+		return nil, errorInternal(fmt.Errorf("couldn't parse email claim in token"))
+	}
+	// TODO(#18) Handle Multiple Emails in the Token Claims gracefully
+	if len(emails) > 1 {
+		return nil, errorBadRequest("jwt token", "multiple emails in token")
+	}
+	email := emails[0]
+	canonical, err := pacta.CanonicalizeEmail(email)
+	if err != nil {
+		return nil, errorBadRequest("email", "invalid email on token")
+	}
+	authnID := token.Subject()
+	if authnID == "" {
+		return nil, fmt.Errorf("couldn't find authn id in jwt")
+	}
+	user, err := s.DB.GetOrCreateUserByAuthn(s.DB.NoTxn(ctx), pacta.AuthnMechanism_EmailAndPass, authnID, email, canonical)
+	if err != nil {
+		return nil, fmt.Errorf("getting user by authn: %w", err)
+	}
+	return userToOAPI(user)
+}
diff --git a/db/sqldb/initiative_user_test.go b/db/sqldb/initiative_user_test.go
index 9b4fdef..7e853d8 100644
--- a/db/sqldb/initiative_user_test.go
+++ b/db/sqldb/initiative_user_test.go
@@ -27,7 +27,7 @@ func TestCreateInitiativeUserRelationship(t *testing.T) {
 		PACTAVersion: &pacta.PACTAVersion{ID: pvID},
 	}
 	err1 := tdb.CreateInitiative(tx, i)
-	uid, err2 := tdb.CreateUser(tx, &pacta.User{
+	uid, err2 := tdb.createUser(tx, &pacta.User{
 		CanonicalEmail: "canon",
 		EnteredEmail:   "entered",
 		AuthnMechanism: pacta.AuthnMechanism_EmailAndPass,
@@ -74,7 +74,7 @@ func TestUpdateInitiativeUserRelationship(t *testing.T) {
 		PACTAVersion: &pacta.PACTAVersion{ID: pvID},
 	}
 	err1 := tdb.CreateInitiative(tx, i)
-	uid, err2 := tdb.CreateUser(tx, &pacta.User{
+	uid, err2 := tdb.createUser(tx, &pacta.User{
 		CanonicalEmail: "canon",
 		EnteredEmail:   "entered",
 		AuthnMechanism: pacta.AuthnMechanism_EmailAndPass,
@@ -141,13 +141,13 @@ func TestListInitiativeUserRelationships(t *testing.T) {
 		PACTAVersion: &pacta.PACTAVersion{ID: pvID},
 	}
 	err2 := tdb.CreateInitiative(tx, i2)
-	u1, err3 := tdb.CreateUser(tx, &pacta.User{
+	u1, err3 := tdb.createUser(tx, &pacta.User{
 		CanonicalEmail: "canon",
 		EnteredEmail:   "entered",
 		AuthnMechanism: pacta.AuthnMechanism_EmailAndPass,
 		AuthnID:        "A",
 	})
-	u2, err4 := tdb.CreateUser(tx, &pacta.User{
+	u2, err4 := tdb.createUser(tx, &pacta.User{
 		CanonicalEmail: "canon2",
 		EnteredEmail:   "entered2",
 		AuthnMechanism: pacta.AuthnMechanism_EmailAndPass,
diff --git a/db/sqldb/user.go b/db/sqldb/user.go
index 2bb10b9..fb6cdca 100644
--- a/db/sqldb/user.go
+++ b/db/sqldb/user.go
@@ -37,7 +37,7 @@ func (d *DB) User(tx db.Tx, id pacta.UserID) (*pacta.User, error) {
 	return exactlyOne("user", id, us)
 }
 
-func (d *DB) UserByAuthn(tx db.Tx, authnMechanism pacta.AuthnMechanism, authnID string) (*pacta.User, error) {
+func (d *DB) userByAuthn(tx db.Tx, authnMechanism pacta.AuthnMechanism, authnID string) (*pacta.User, error) {
 	rows, err := d.query(tx, `
 		SELECT `+userSelectColumns+`
 		FROM pacta_user 
@@ -52,6 +52,39 @@ func (d *DB) UserByAuthn(tx db.Tx, authnMechanism pacta.AuthnMechanism, authnID
 	return exactlyOne("user", fmt.Sprintf("%s:%s", authnMechanism, authnID), us)
 }
 
+func (d *DB) GetOrCreateUserByAuthn(tx db.Tx, authnMechanism pacta.AuthnMechanism, authnID, enteredEmail, canonicalEmail string) (*pacta.User, error) {
+	var user *pacta.User
+	err := d.RunOrContinueTransaction(tx, func(tx db.Tx) error {
+		u, err := d.userByAuthn(tx, authnMechanism, authnID)
+		if err == nil {
+			user = u
+			return nil
+		}
+		if !db.IsNotFound(err) {
+			return fmt.Errorf("looking up user by authn: %w", err)
+		}
+		uID, err := d.createUser(tx, &pacta.User{
+			CanonicalEmail: canonicalEmail,
+			EnteredEmail:   enteredEmail,
+			AuthnMechanism: authnMechanism,
+			AuthnID:        authnID,
+		})
+		if err != nil {
+			return fmt.Errorf("creating user: %w", err)
+		}
+		u, err = d.User(tx, uID)
+		if err != nil {
+			return fmt.Errorf("reading back created user: %w", err)
+		}
+		user = u
+		return nil
+	})
+	if err != nil {
+		return nil, fmt.Errorf("running get_or_create_user txn: %w", err)
+	}
+	return user, nil
+}
+
 func (d *DB) Users(tx db.Tx, ids []pacta.UserID) (map[pacta.UserID]*pacta.User, error) {
 	ids = dedupeIDs(ids)
 	rows, err := d.query(tx, `
@@ -72,7 +105,7 @@ func (d *DB) Users(tx db.Tx, ids []pacta.UserID) (map[pacta.UserID]*pacta.User,
 	return result, nil
 }
 
-func (d *DB) CreateUser(tx db.Tx, u *pacta.User) (pacta.UserID, error) {
+func (d *DB) createUser(tx db.Tx, u *pacta.User) (pacta.UserID, error) {
 	if err := validateUserForCreation(u); err != nil {
 		return "", fmt.Errorf("validating user for creation: %w", err)
 	}
diff --git a/db/sqldb/user_test.go b/db/sqldb/user_test.go
index 427c481..fc8e3e9 100644
--- a/db/sqldb/user_test.go
+++ b/db/sqldb/user_test.go
@@ -12,7 +12,7 @@ import (
 	"github.com/google/go-cmp/cmp/cmpopts"
 )
 
-func TestCreateUser(t *testing.T) {
+func TestcreateUser(t *testing.T) {
 	ctx := context.Background()
 	tdb := createDBForTesting(t)
 	tx := tdb.NoTxn(ctx)
@@ -23,7 +23,7 @@ func TestCreateUser(t *testing.T) {
 		CanonicalEmail: "canonical-email",
 		Name:           "User's Name",
 	}
-	userID, err := tdb.CreateUser(tx, u)
+	userID, err := tdb.createUser(tx, u)
 	if err != nil {
 		t.Fatalf("creating user: %v", err)
 	}
@@ -40,7 +40,7 @@ func TestCreateUser(t *testing.T) {
 	}
 
 	// Read by Authn
-	actual, err = tdb.UserByAuthn(tx, u.AuthnMechanism, u.AuthnID)
+	actual, err = tdb.userByAuthn(tx, u.AuthnMechanism, u.AuthnID)
 	if err != nil {
 		t.Fatalf("getting user by authn: %w", err)
 	}
@@ -63,7 +63,7 @@ func TestCreateUser(t *testing.T) {
 	u2 := u.Clone()
 	u2.EnteredEmail = "entered email 2"
 	u2.CanonicalEmail = "canonical email 2"
-	_, err = tdb.CreateUser(tx, u2)
+	_, err = tdb.createUser(tx, u2)
 	if err == nil {
 		t.Fatalf("expected error, got nil")
 	}
@@ -72,7 +72,7 @@ func TestCreateUser(t *testing.T) {
 	u3 := u.Clone()
 	u3.EnteredEmail = "entered email 3"
 	u3.AuthnID = "AUthn id 3"
-	_, err = tdb.CreateUser(tx, u3)
+	_, err = tdb.createUser(tx, u3)
 	if err == nil {
 		t.Fatalf("expected error, got nil")
 	}
@@ -81,7 +81,7 @@ func TestCreateUser(t *testing.T) {
 	u4 := u.Clone()
 	u4.AuthnID = "authn id 3"
 	u4.CanonicalEmail = "canonical email 4"
-	_, err = tdb.CreateUser(tx, u4)
+	_, err = tdb.createUser(tx, u4)
 	if err == nil {
 		t.Fatalf("expected error, got nil")
 	}
@@ -91,7 +91,7 @@ func TestCreateUser(t *testing.T) {
 	u5.EnteredEmail = "entered email 5"
 	u5.AuthnID = "AUthn id 5"
 	u5.CanonicalEmail = "canonical email 5"
-	_, err = tdb.CreateUser(tx, u5)
+	_, err = tdb.createUser(tx, u5)
 	if err != nil {
 		t.Fatal("expected success but got: %w", err)
 	}
@@ -108,7 +108,7 @@ func TestUpdateUser(t *testing.T) {
 		CanonicalEmail: "canonical-email",
 		Name:           "User's Name",
 	}
-	userID, err0 := tdb.CreateUser(tx, u)
+	userID, err0 := tdb.createUser(tx, u)
 	noErrDuringSetup(t, err0)
 	u.CreatedAt = time.Now()
 	u.ID = userID
@@ -175,13 +175,13 @@ func TestListUsers(t *testing.T) {
 		CanonicalEmail: "cannnnon",
 		EnteredEmail:   "enter3",
 	}
-	userIDA, err0 := tdb.CreateUser(tx, userA)
+	userIDA, err0 := tdb.createUser(tx, userA)
 	userA.ID = userIDA
 	userA.CreatedAt = time.Now()
-	userIDB, err1 := tdb.CreateUser(tx, userB)
+	userIDB, err1 := tdb.createUser(tx, userB)
 	userB.ID = userIDB
 	userB.CreatedAt = time.Now()
-	userIDC, err2 := tdb.CreateUser(tx, userC)
+	userIDC, err2 := tdb.createUser(tx, userC)
 	userC.ID = userIDC
 	userC.CreatedAt = time.Now()
 	err3 := tdb.UpdateUser(tx, userIDA, db.SetUserName(nameA))
@@ -215,7 +215,7 @@ func TestDeleteUser(t *testing.T) {
 		CanonicalEmail: "canonical-email",
 		Name:           "User's Name",
 	}
-	userID, err0 := tdb.CreateUser(tx, u)
+	userID, err0 := tdb.createUser(tx, u)
 	noErrDuringSetup(t, err0)
 
 	err := tdb.DeleteUser(tx, userID)
@@ -230,7 +230,7 @@ func TestDeleteUser(t *testing.T) {
 	}
 
 	// Read by Authn
-	_, err = tdb.UserByAuthn(tx, u.AuthnMechanism, u.AuthnID)
+	_, err = tdb.userByAuthn(tx, u.AuthnMechanism, u.AuthnID)
 	if err == nil {
 		t.Fatalf("expected error, got nil")
 	}
@@ -286,7 +286,7 @@ func testUserEnumConvertability[E comparable](t *testing.T, writeE func(E, *pact
 		u.CanonicalEmail = fmt.Sprintf("canonical-email-%d", iteration)
 		writeE(e, u)
 		iteration++
-		id2, err := tdb.CreateUser(tx, u)
+		id2, err := tdb.createUser(tx, u)
 		id = id2
 		return err
 	}
@@ -332,7 +332,7 @@ func userForTestingWithKey(t *testing.T, tdb *DB, key string) *pacta.User {
 	}
 	ctx := context.Background()
 	tx := tdb.NoTxn(ctx)
-	uid, err := tdb.CreateUser(tx, u)
+	uid, err := tdb.createUser(tx, u)
 	if err != nil {
 		t.Fatalf("creating user: %v", err)
 	}
diff --git a/deps.bzl b/deps.bzl
index dcba202..fe8761e 100644
--- a/deps.bzl
+++ b/deps.bzl
@@ -543,6 +543,13 @@ def go_dependencies():
         sum = "h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=",
         version = "v1.1.1",
     )
+    # Re-review this package if upgraded.
+    go_repository(
+        name = "com_github_dimuska139_go_email_normalizer",
+        importpath = "github.com/dimuska139/go-email-normalizer",
+        sum = "h1:pJNZnU7uS9MRoYqpoir05B+bCYXrS9sPGE4G1o9EDA8=",
+        version = "v1.2.1",
+    )
 
     go_repository(
         name = "com_github_docker_distribution",
diff --git a/frontend/components/standard/Content.vue b/frontend/components/standard/Content.vue
index f55596a..8700b80 100644
--- a/frontend/components/standard/Content.vue
+++ b/frontend/components/standard/Content.vue
@@ -37,7 +37,7 @@
     margin: 0.5rem 0;
   }
 
-  min-height: calc(100vh - 9rem - 4px);
+  min-height: calc(100vh - 9.25rem - 4px);
   justify-content: center;
 }
 </style>
diff --git a/frontend/components/standard/Nav.vue b/frontend/components/standard/Nav.vue
index 64b106e..1713fc8 100644
--- a/frontend/components/standard/Nav.vue
+++ b/frontend/components/standard/Nav.vue
@@ -1,6 +1,7 @@
 <script setup lang="ts">
 import { type MenuItem } from 'primevue/menuitem'
 
+const { showStandardDebug } = useLocalStorage()
 const { isAuthenticated, signIn, signOut } = await useMSAL()
 const router = useRouter()
 
@@ -10,11 +11,10 @@ const menuHidden = useState<boolean>(`${prefix}.menuHidden`, () => false)
 const menuStyles = computed(() => {
   return {
     transition: menuHidden.value ? 'max-height .1s ease' : 'max-height .5s ease',
-    overflow: menuHidden.value ? 'hidden' : undefined,
+    overflow: 'hidden',
     'max-height': menuHidden.value ? '0px' : '100vh',
     border: menuHidden.value ? undefined : '2px solid',
-    'margin-top': menuHidden.value ? '0' : '-2px',
-    padding: menuHidden.value ? '0' : '.25rem 0'
+    'margin-top': menuHidden.value ? '0' : '-2px'
   }
 })
 
@@ -25,10 +25,16 @@ const menuItems = computed(() => {
       label: 'Home'
     },
     {
-      to: 'https://github.com/RMI/pacta/issues/new',
+      to: 'https://github.com/RMI-PACTA/app/issues/new',
       label: 'File a Bug'
     }
   ]
+  if (showStandardDebug) {
+    result.push({
+      label: 'Admin',
+      to: '/admin'
+    })
+  }
   if (isAuthenticated.value) {
     result.push({
       label: 'Sign Out',
@@ -61,7 +67,7 @@ const menuItems = computed(() => {
       />
     </div>
     <div
-      class="flex gap-2 sm:pt-1 flex-1 flex-column sm:flex-row border-primary sm:border-none sm:max-h-full border-round justify-content-end"
+      class="flex gap-2 sm:p-1 flex-1 flex-column sm:flex-row border-primary sm:border-none sm:max-h-full border-round justify-content-end"
       :style="menuStyles"
     >
       <template
@@ -70,8 +76,7 @@ const menuItems = computed(() => {
         <LinkButton
           v-if="mi.to"
           :key="index"
-          class="p-button-text"
-          :class="mi.to === router.currentRoute"
+          :class="mi.to === router.currentRoute.value.fullPath ? 'border-noround sm:border-round' : 'p-button-text'"
           :to="mi.to"
           :label="`${mi.label}`"
         />
diff --git a/frontend/composables/useSession.ts b/frontend/composables/useSession.ts
new file mode 100644
index 0000000..d039d2b
--- /dev/null
+++ b/frontend/composables/useSession.ts
@@ -0,0 +1,70 @@
+import { type User } from '@/openapi/generated/pacta'
+
+export const useSession = () => {
+  const { pactaClient } = useAPI()
+  const { error: { handleOAPIError } } = useModal()
+
+  const prefix = 'useSession'
+  const signedIn = useState<boolean>(`${prefix}.signedIn`, () => true)
+
+  const currentUser = useState<User | undefined>(`${prefix}.currentUser`, () => undefined)
+  const isAdmin = computed(() => currentUser.value && currentUser.value.admin)
+  const isSuperAdmin = computed(() => currentUser.value && currentUser.value.superAdmin)
+
+  const resolvers = useState<Array<() => void>>(`${prefix}.resolvers`, () => [])
+  const loadCurrentUser = (hardRefresh = false): Promise<void> => {
+    // Return the cached user if we don't explicitly want a new one
+    if (currentUser.value && !hardRefresh) {
+      return Promise.resolve()
+    }
+
+    // We're already loading a user, wait with everyone else
+    if (resolvers.value.length > 0) {
+      return new Promise((resolve) => {
+        resolvers.value.push(resolve)
+      })
+    }
+
+    // We're the first to request a user, kick of the request and hop in line at the front of the queue.
+    return new Promise((resolve) => {
+      resolvers.value.push(resolve)
+      void pactaClient.findUserByMe()
+        .then(handleOAPIError)
+        .then(m => {
+          currentUser.value = m
+
+          // Let everyone else know we've loaded the user and clear the queue.
+          resolvers.value.forEach((fn) => { fn() })
+          resolvers.value = []
+        })
+    })
+  }
+  const getMe = async () => {
+    await loadCurrentUser()
+    return {
+      // LoadCurrentUser's return is only undefined as a technicality to support
+      // the single-lookup behavior above. This cast is safe.
+      me: currentUser as Ref<User>,
+      isAdmin,
+      isSuperAdmin
+    }
+  }
+  const getMaybeMe = async () => {
+    if (signedIn.value) {
+      await loadCurrentUser()
+    }
+    return {
+      // Will be a Ref with a value of undefined if the user isn't logged in.
+      maybeMe: currentUser,
+      isAdmin,
+      isSuperAdmin
+    }
+  }
+
+  return {
+    signedIn,
+    getMe,
+    getMaybeMe,
+    currentUser
+  }
+}
diff --git a/frontend/layouts/default.vue b/frontend/layouts/default.vue
index 090a4e0..75f00ac 100644
--- a/frontend/layouts/default.vue
+++ b/frontend/layouts/default.vue
@@ -13,7 +13,7 @@ onMountedWithLoading(() => { /* nothing to do */ }, 'defaultLayout.onMountedWith
     >
       <main
         class="px-3 md:px-6 w-full lg:w-10 xl:w-8 mx-auto"
-        style="min-height: calc(100vh - 9rem - 4px);"
+        style="min-height: calc(100vh - 9.25rem - 4px);"
       >
         <NuxtPage />
       </main>
diff --git a/frontend/openapi/generated/pacta/services/DefaultService.ts b/frontend/openapi/generated/pacta/services/DefaultService.ts
index 126c405..0cc25e5 100644
--- a/frontend/openapi/generated/pacta/services/DefaultService.ts
+++ b/frontend/openapi/generated/pacta/services/DefaultService.ts
@@ -36,6 +36,10 @@ export class DefaultService {
             path: {
                 'id': id,
             },
+            errors: {
+                401: `the user is not authorized to access this resource - if logged out, try logging in`,
+                403: `the user is not authorized to access this resource`,
+            },
         });
     }
 
@@ -230,6 +234,23 @@ export class DefaultService {
         });
     }
 
+    /**
+     * gets info about the logged in user
+     * Returns the logged in user, if the user is logged in, otherwise returns empty
+     * @returns User user response
+     * @returns Error unexpected error
+     * @throws ApiError
+     */
+    public findUserByMe(): CancelablePromise<User | Error> {
+        return this.httpRequest.request({
+            method: 'GET',
+            url: '/user/me',
+            errors: {
+                401: `caller is not logged in - log in to continue`,
+            },
+        });
+    }
+
     /**
      * Returns a user by ID
      * Returns a user based on a single ID
diff --git a/go.mod b/go.mod
index 079aa51..08a10de 100644
--- a/go.mod
+++ b/go.mod
@@ -48,6 +48,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
+	github.com/dimuska139/go-email-normalizer v1.2.1 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/getkin/kin-openapi v0.112.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
diff --git a/go.sum b/go.sum
index a6de7f6..a195fcc 100644
--- a/go.sum
+++ b/go.sum
@@ -422,6 +422,8 @@ github.com/dhui/dktest v0.3.10 h1:0frpeeoM9pHouHjhLeZDuDTJ0PqjDTrycaHaMmkJAo8=
 github.com/dhui/dktest v0.3.10/go.mod h1:h5Enh0nG3Qbo9WjNFRrwmKUaePEBhXMOygbz3Ww7Sz0=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
+github.com/dimuska139/go-email-normalizer v1.2.1 h1:pJNZnU7uS9MRoYqpoir05B+bCYXrS9sPGE4G1o9EDA8=
+github.com/dimuska139/go-email-normalizer v1.2.1/go.mod h1:fGPWcd/7PSz9aOHusKVYmDk+oKahH/fZTCQ7tTU7e0Y=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
diff --git a/openapi/pacta.yaml b/openapi/pacta.yaml
index bbfa0b4..15f1030 100644
--- a/openapi/pacta.yaml
+++ b/openapi/pacta.yaml
@@ -310,6 +310,31 @@ paths:
               schema:
                 $ref: '#/components/schemas/Error'
 
+  /user/me:
+    get:
+      description: Returns the logged in user, if the user is logged in, otherwise returns empty
+      summary: gets info about the logged in user 
+      operationId: findUserByMe
+      responses:
+        '200':
+          description: user response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/User'
+        '401':
+          description: caller is not logged in - log in to continue 
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmptySuccess'
+        default:
+          description: unexpected error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+
   /user/{id}:
     get:
       summary: Returns a user by ID
diff --git a/pacta/BUILD.bazel b/pacta/BUILD.bazel
index c104590..9008f99 100644
--- a/pacta/BUILD.bazel
+++ b/pacta/BUILD.bazel
@@ -2,15 +2,21 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
     name = "pacta",
-    srcs = ["pacta.go"],
+    srcs = [
+        "email.go",
+        "pacta.go",
+        "populate.go",
+    ],
     importpath = "github.com/RMI/pacta/pacta",
     visibility = ["//visibility:public"],
+    deps = ["@com_github_dimuska139_go_email_normalizer//:go_default_library"],
 )
 
 go_test(
     name = "pacta_test",
     srcs = [
         "clone_test.go",
+        "email_test.go",
         "enum_test.go",
     ],
     embed = [":pacta"],
diff --git a/pacta/email.go b/pacta/email.go
new file mode 100644
index 0000000..00d14a6
--- /dev/null
+++ b/pacta/email.go
@@ -0,0 +1,40 @@
+package pacta
+
+import (
+	"fmt"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	normalizer "github.com/dimuska139/go-email-normalizer"
+)
+
+var n = normalizer.NewNormalizer()
+
+func CanonicalizeEmail(email string) (string, error) {
+	// Performs basic validation, preventing obviously malformed email addresses, but
+	// not capturing the entirety of the RFC 5322 grammar.
+	split := strings.Split(email, "@")
+	if len(split) != 2 {
+		return "", fmt.Errorf("invalid email, wrong number of at-signs: %q", email)
+	}
+	if !utf8.ValidString(split[0]) {
+		return "", fmt.Errorf("invalid email, non-ASCII or UTF-8 local part: %q", split[0])
+	}
+	if len(split[0]) == 0 || len(split[1]) == 0 {
+		return "", fmt.Errorf("invalid email, empty local or domain part: %q", email)
+	}
+	// Performs complex, vendor-specific normalizations, preventing obvious duplicates
+	// like plus-aliases, and gmail dot aliases. This will return the original if it cannot
+	// parse or simplify it.
+	return n.Normalize(email), nil
+}
+
+func includesSpace(s string) bool {
+	for _, r := range s {
+		if unicode.IsSpace(r) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/pacta/email_test.go b/pacta/email_test.go
new file mode 100644
index 0000000..a34c3f0
--- /dev/null
+++ b/pacta/email_test.go
@@ -0,0 +1,55 @@
+package pacta
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestEmailCanonization(t *testing.T) {
+	cases := []struct {
+		input       string
+		ouptut      string
+		errExpected bool
+	}{
+		// Testing valid Gmail addresses with different variations
+		{"john.doe@gmail.com", "johndoe@gmail.com", false},
+		{"john.doe+123@gmail.com", "johndoe@gmail.com", false},
+		{"j.o.h.n.d.o.e@gmail.com", "johndoe@gmail.com", false},
+		{"johndoe+test@gmail.com", "johndoe@gmail.com", false},
+		{"john.doe@googlemail.com", "johndoe@gmail.com", false},
+
+		// Testing valid non-Gmail addresses
+		{"johndoe@protonmail.ch", "johndoe@protonmail.ch", false},
+		{"john+doe@protonmail.ch", "johndoe@protonmail.ch", false},
+		{"john.doe+test@outlook.com", "john.doetest@outlook.com", false},
+		{"john@🙂.com", "john@🙂.com", false},
+
+		// Testing invalid email addresses
+		{"john.doe", "", true},
+		{"john.doe@", "", true},
+		{"john doe@gmail.com", "", true},
+		{"johndoe@gmail	.com", "", true},
+		{"@gmail.com", "", true},
+		{"@gmail.com", "", true},
+		{"john🙂doe@gmail.com", "", true},
+
+		// Testing valid email addresses with different domains
+		{"john.doe@hotmail.com", "john.doe@hotmail.com", false},
+		{"j.o.h.n.doe+test@domain.com", "j.o.h.n.doe+test@domain.com", false},
+	}
+
+	for i, c := range cases {
+		t.Run(fmt.Sprintf("case %d", i), func(t *testing.T) {
+			output, err := CanonizeEmail(c.input)
+			if c.errExpected && err == nil {
+				t.Errorf("expected error, got nil")
+			}
+			if !c.errExpected && err != nil {
+				t.Errorf("unexpected error: %v", err)
+			}
+			if output != c.ouptut {
+				t.Errorf("expected %q, got %q", c.ouptut, output)
+			}
+		})
+	}
+}
diff --git a/pacta/populate.go b/pacta/populate.go
index 273b0f2..8ccafeb 100644
--- a/pacta/populate.go
+++ b/pacta/populate.go
@@ -1,4 +1,4 @@
-package sqldb
+package pacta
 
 func (a *AnalysisArtifact) Blobs() []*Blob {
 	if a == nil {
diff --git a/scripts/run_db.sh b/scripts/run_db.sh
index 9311e08..1b7a095 100755
--- a/scripts/run_db.sh
+++ b/scripts/run_db.sh
@@ -95,6 +95,13 @@ if [ "$SKIP_MIGRATE" = false ]; then
   migrate_db "$DSN"
 fi
 
-echo "DB is up!"
+echo "
+░█▀▄░█▄█░▀█▀
+░█▀▄░█░█░░█░
+░▀░▀░▀░▀░▀▀▀
+░░░█▀▄░█▀▄  
+░░░█░█░█▀▄  
+░░░▀▀░░▀▀░  
+"
 
 docker wait local-postgres