Is your feature request related to a problem? Please describe.
OidcTokenParser only extracts username and roles from the JWT. The groups and namespaces claims are ignored, so GroupBasedPolicy and NamespaceBasedPolicy never match for OIDC-authenticated users.
Describe the solution you'd like
Extract groups and namespaces claims from the decoded JWT in OidcTokenParser.user_details_from_access_token() and pass them to the User object. Default to empty list if the claims are absent.
Describe alternatives you've considered
None — the User model, policy classes, and enforcer already support groups and namespaces. Only the OIDC parser is missing the extraction.
Additional context
Affected file: sdk/python/feast/permissions/auth/oidc_token_parser.py
Is your feature request related to a problem? Please describe.
OidcTokenParseronly extractsusernameandrolesfrom the JWT. Thegroupsandnamespacesclaims are ignored, soGroupBasedPolicyandNamespaceBasedPolicynever match for OIDC-authenticated users.Describe the solution you'd like
Extract
groupsandnamespacesclaims from the decoded JWT inOidcTokenParser.user_details_from_access_token()and pass them to theUserobject. Default to empty list if the claims are absent.Describe alternatives you've considered
None — the
Usermodel, policy classes, and enforcer already support groups and namespaces. Only the OIDC parser is missing the extraction.Additional context
Affected file:
sdk/python/feast/permissions/auth/oidc_token_parser.py