Direct OIDC Mapping of ACLs with UI 0.25.1 can't see the included groups attribute

I have a POC set up to test my configuration for AKHQ's new ACL structure using Direct OICD Mapping . To produce the needed JWT structure, I've created a custom protocol mapper in keycloak which adds the groups attribute and acls to the token. However, when I log into AKHQ, I can see this error in the pod logs, ... Exception during Authentication: use-oidc-claim config requires attribute groups in the OIDC claim despite groups being in both the id token and the access token for testing.

Here is a snippet of my configuration:

akhq:
  default-group: no-roles
  oidc:
    enabled: true
    providers:
      keycloak:
        label: "Login with Keycloak"
        username-field: preferred_username
        groups-field: groups
        use-oidc-claim: true

And here is a sample of the id token that contains the groups attribute:

{
  "exp": 1725228553,
  "iat": 1725228493,
  "jti": "2fd02132-646f-47a4-8059-35e45568d06b",
  "iss": "http://localhost:8080/realms/master",
  "aud": "akhq",
  "sub": "a123346f-a37e-4369-807f-b313308a7ef4",
  "typ": "ID",
  "azp": "akhq",
  "sid": "bfc80bf8-6c10-46cb-8906-cab245b886e3",
  "acr": "1",
  "email_verified": true,
  "name": "john doe",
  "groups": { <----------- It's here :(
    "project-x": [
      {
        "role": "topic-reader",
        "patterns": [
          "test.*"
        ]
      },
      {
        "role": "group-reader",
        "patterns": [
          ".*"
        ]
      },
      {
        "role": "connect-reader",
        "patterns": [
          ".*"
        ]
      }
    ]
  },
  "preferred_username": "j.doe",
  "given_name": "john",
  "family_name": "doe",
  "email": "j.doe@example.com"
}

I'm not sure what I am missing or what I am doing wrong, so hopefully someone can suggest something.

tchiotludo / akhq

Direct OIDC Mapping of ACLs with UI 0.25.1 can't see the included groups attribute #1932