From 88202512aa8ebc420b24d7b91c0c7aa19ef5c74e Mon Sep 17 00:00:00 2001
From: Benjosh95 <benjamin.fuertsch@inovex.de>
Date: Tue, 12 Aug 2025 08:41:33 +0200
Subject: [PATCH 1/2] fix: support get service account flow token again

---
 .../cmd/auth/get-access-token/get_access_token.go |  5 +++--
 internal/pkg/auth/auth.go                         | 15 +++++++++++----
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/internal/cmd/auth/get-access-token/get_access_token.go b/internal/cmd/auth/get-access-token/get_access_token.go
index 5e5b9d60b..d5b17d733 100644
--- a/internal/cmd/auth/get-access-token/get_access_token.go
+++ b/internal/cmd/auth/get-access-token/get_access_token.go
@@ -44,8 +44,9 @@ func NewCmd(params *params.CmdParams) *cobra.Command {
 				return &cliErr.SessionExpiredError{}
 			}
 
-			// Try to get a valid access token, refreshing if necessary
-			accessToken, err := auth.RefreshAccessToken(params.Printer)
+			// Get a valid access token for the current authentication flow
+			// For user flows: refreshes if necessary, for service account flows: returns current token
+			accessToken, err := auth.GetValidAccessToken(params.Printer)
 			if err != nil {
 				return err
 			}
diff --git a/internal/pkg/auth/auth.go b/internal/pkg/auth/auth.go
index 634813f24..9a9b48817 100644
--- a/internal/pkg/auth/auth.go
+++ b/internal/pkg/auth/auth.go
@@ -134,15 +134,22 @@ func getEmailFromToken(token string) (string, error) {
 	return claims.Email, nil
 }
 
-// RefreshAccessToken refreshes the access token if it's expired for the user token flow.
-// It returns the new access token or an error if the refresh fails.
-func RefreshAccessToken(p *print.Printer) (string, error) {
+// GetValidAccessToken returns a valid access token for the current authentication flow.
+// For user token flows, it refreshes the token if necessary.
+// For service account flows, it returns the current access token.
+func GetValidAccessToken(p *print.Printer) (string, error) {
 	flow, err := GetAuthFlow()
 	if err != nil {
 		return "", fmt.Errorf("get authentication flow: %w", err)
 	}
+
+	// For service account flows, just return the current token
+	if flow == AUTH_FLOW_SERVICE_ACCOUNT_TOKEN || flow == AUTH_FLOW_SERVICE_ACCOUNT_KEY {
+		return GetAccessToken()
+	}
+
 	if flow != AUTH_FLOW_USER_TOKEN {
-		return "", fmt.Errorf("token refresh is only supported for user token flow, current flow: %s", flow)
+		return "", fmt.Errorf("unsupported authentication flow: %s", flow)
 	}
 
 	// Load tokens from storage

From ae2b2d168345bd94370a922b511fa7e84260e851 Mon Sep 17 00:00:00 2001
From: Benjosh95 <benjamin.fuertsch@inovex.de>
Date: Tue, 12 Aug 2025 08:51:45 +0200
Subject: [PATCH 2/2] reduce duplicated docs

---
 internal/cmd/auth/get-access-token/get_access_token.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/internal/cmd/auth/get-access-token/get_access_token.go b/internal/cmd/auth/get-access-token/get_access_token.go
index d5b17d733..c0c59e294 100644
--- a/internal/cmd/auth/get-access-token/get_access_token.go
+++ b/internal/cmd/auth/get-access-token/get_access_token.go
@@ -44,8 +44,6 @@ func NewCmd(params *params.CmdParams) *cobra.Command {
 				return &cliErr.SessionExpiredError{}
 			}
 
-			// Get a valid access token for the current authentication flow
-			// For user flows: refreshes if necessary, for service account flows: returns current token
 			accessToken, err := auth.GetValidAccessToken(params.Printer)
 			if err != nil {
 				return err