From fd4bdbbc8508ab3737b251643bbc06ea3695e304 Mon Sep 17 00:00:00 2001
From: Bobby Iliev
Date: Tue, 14 Jan 2025 17:12:23 +0200
Subject: [PATCH 1/2] Add support for service accounts to provider auth
---
pkg/clients/frontegg_client.go | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/pkg/clients/frontegg_client.go b/pkg/clients/frontegg_client.go
index 8b2a5a98..64371abd 100644
--- a/pkg/clients/frontegg_client.go
+++ b/pkg/clients/frontegg_client.go
@@ -127,7 +127,20 @@ func getToken(ctx context.Context, password string, endpoint string) (string, st
 email, ok := claims["email"].(string)
 if !ok {
- return "", "", time.Time{}, errors.New("email claim not found in token")
+ // If email is not present (service account case), use metadata.user or sub as identifier
+ if metadata, hasMetadata := claims["metadata"].(map[string]interface{}); hasMetadata {
+ if user, hasUser := metadata["user"].(string); hasUser {
+ email = user
+ }
+ }
+
+ if email == "" {
+ if sub, hasSub := claims["sub"].(string); hasSub {
+ email = sub
+ } else {
+ return "", "", time.Time{}, errors.New("neither email nor subject found in token")
+ }
+ }
 }
 var tokenExpiry time.Time
From 31e4bfc4b9e70fbccecf61b66ec27a6ca12db8af Mon Sep 17 00:00:00 2001
From: Bobby Iliev
Date: Tue, 14 Jan 2025 20:56:28 +0200
Subject: [PATCH 2/2] Explicitly reset email when type assertion fails
---
pkg/clients/frontegg_client.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/clients/frontegg_client.go b/pkg/clients/frontegg_client.go
index 64371abd..870e3cbd 100644
--- a/pkg/clients/frontegg_client.go
+++ b/pkg/clients/frontegg_client.go
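Review bot: The `sub` fallback accepts an empty subject: `claims["sub"].(string)` succeeds for `"sub": ""`, so `email` stays empty and getToken returns an empty identity where the old code returned an error; the same line is kept unchanged by the second patch. Tighten it to `if sub, hasSub := claims["sub"].(string); hasSub && sub != "" {` so the `else` branch still reports the missing identifier (a blank `metadata.user` already falls through because of the `email == ""` check). Since the second return value can now carry a service-account subject rather than an address, getToken's doc comment should say so, e.g. `// The returned identifier is the email claim, or for service accounts the metadata.user or sub claim.`. getToken's signature and the rest of its body lie outside the hunk, so whether these claims come from a signature-verified token is not visible here.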
@@ -127,13 +127,13 @@ func getToken(ctx context.Context, password string, endpoint string) (string, st
 email, ok := claims["email"].(string)
 if !ok {
+ email = ""
 // If email is not present (service account case), use metadata.user or sub as identifier
 if metadata, hasMetadata := claims["metadata"].(map[string]interface{}); hasMetadata {
 if user, hasUser := metadata["user"].(string); hasUser {
 email = user
 }
 }
-
 if email == "" {
 if sub, hasSub := claims["sub"].(string); hasSub {
 email = sub