For authorization, the X-Userinfo header is checking for email address to determine if a user is authorized; however, if a demo account is created in keycloak without an email address (only a username), then only a username will be present. We should simply check for "username" from the header since this covers both use cases (e.g. only a username or username and email address are the same).
Similarly, IN-CORE passes in x-auth-userinfo header for the user information. We should add a check for this header and parse the user info from that.