Is your feature request related to a problem? Please describe.
OidcTokenParser only extracts username and roles from the JWT. The groups and namespaces claims are ignored, so GroupBasedPolicy and NamespaceBasedPolicy never match for OIDC-authenticated users.
Describe the solution you'd like
Extract groups and namespaces claims from the decoded JWT in OidcTokenParser.user_details_from_access_token() and pass them to the User object. Default to empty list if the claims are absent.
Describe alternatives you've considered
None — the User model, policy classes, and enforcer already support groups and namespaces. Only the OIDC parser is missing the extraction.
Additional context
Affected file: sdk/python/feast/permissions/auth/oidc_token_parser.py
Reactions are currently unavailable
Is your feature request related to a problem? Please describe.
OidcTokenParser only extracts username and roles from the JWT. The groups and namespaces claims are ignored, so GroupBasedPolicy and NamespaceBasedPolicy never match for OIDC-authenticated users.
Describe the solution you'd like
Extract groups and namespaces claims from the decoded JWT in OidcTokenParser.user_details_from_access_token() and pass them to the User object. Default to empty list if the claims are absent.
Describe alternatives you've considered
None — the User model, policy classes, and enforcer already support groups and namespaces. Only the OIDC parser is missing the extraction.
Additional context
Affected file: sdk/python/feast/permissions/auth/oidc_token_parser.py