Add Cloudflare Service Auth with JWT

Author: ja-openai

webapp/src/main/java/com/box/l10n/mojito/security/WebSecurityJWTConfig.java

@@ -143,11 +143,17 @@ private User ensureUserFromJwt(Jwt jwt) {
     String name = jwt.getClaimAsString("name");
     String given = jwt.getClaimAsString("given_name");
     String family = jwt.getClaimAsString("family_name");
+    String commonName = jwt.getClaimAsString("common_name");
+    String type = jwt.getClaimAsString("type");
 
     String username =
         switch (providerType) {
           case AZURE_AD -> firstNonBlank(localPart(upn), localPart(email), sub, oid);
-          case CLOUDFLARE -> firstNonBlank(localPart(email), sub, oid, localPart(upn));
+            // app = service token and only common name exists in that case
+          case CLOUDFLARE ->
+              "app".equals(type)
+                  ? commonName
+                  : firstNonBlank(localPart(email), sub, oid, localPart(upn));
           case AUTO -> firstNonBlank(localPart(email), localPart(upn), sub, oid);
         };