I have moved the function to backend/application.jsw with the same results.
But the code is being called from the front-end, so I suppose it will always run under the credentials of the currentUser. (non-admin)
I would have expected a permissions error, instead of an empty result in the success-callback, but I suppose a permissions issue sound like the reason.
Does this mean I’ll have to try and just call register() and wait for the error, just to check whether a user already exists? Seems like an expensive way.