Auth results can return an ambiguous actor, either user or
deploy token. Refactor to explicitly get user or deploy token
rather than accessing the actor directly.