diff --git a/sdk/python/feast/permissions/auth/oidc_token_parser.py b/sdk/python/feast/permissions/auth/oidc_token_parser.py
index 355004f4de..91d3709744 100644
--- a/sdk/python/feast/permissions/auth/oidc_token_parser.py
+++ b/sdk/python/feast/permissions/auth/oidc_token_parser.py
@@ -78,6 +78,7 @@ async def user_details_from_access_token(self, access_token: str) -> User:
 "verify_signature": True,
 "verify_exp": True,
 },
+ leeway=10, # accepts tokens generated up to 10 seconds in the past, in case of clock skew
 )

 if "preferred_username" not in data:
diff --git a/sdk/python/feast/permissions/enforcer.py b/sdk/python/feast/permissions/enforcer.py
index f2b700b01d..af41d12a2c 100644
--- a/sdk/python/feast/permissions/enforcer.py
+++ b/sdk/python/feast/permissions/enforcer.py
@@ -44,7 +44,7 @@ def enforce_policy(
 _permitted_resources: list[FeastObject] = []
 for resource in resources:
 logger.debug(
- f"Enforcing permission policies for {type(resource)}:{resource.name} to execute {actions}"
+ f"Enforcing permission policies for {type(resource).__name__}:{resource.name} to execute {actions}"
 )
 matching_permissions = [
 p
@@ -60,7 +60,7 @@ def enforce_policy(
 )
 evaluator.add_grant(
 permission_grant,
- f"Permission {p.name} denied access: {permission_explanation}",
+ f"Permission {p.name} denied execution of {[a.value.upper() for a in actions]} to {type(resource).__name__}:{resource.name}: {permission_explanation}",
 )

 if evaluator.is_decided():
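Review bot: The comment on the added `leeway=10` line understates what the setting does. Assuming the enclosing call (which opens outside this hunk) is PyJWT's `jwt.decode`, leeway is applied to every time-based claim: it tolerates `iat`/`nbf` values up to 10 seconds in the future, and because `"verify_exp": True` is set it also accepts a token for 10 seconds after its `exp`. I would reword it to `# 10 s clock-skew tolerance on exp/nbf/iat; an expired token is still accepted for up to 10 s`, so the widened validity window is a documented decision. A named module constant instead of the literal `10` would also make the tolerance easier to find and tune.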
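Review bot: The string passed to `evaluator.add_grant(` now carries the permission name, the requested actions, the resource type and name, and the policy explanation. Whether the evaluator's explanations are returned to the caller in the resulting error is not visible in this hunk. If they are, an unauthorized client learns which permissions and policies guard a resource, so the detailed text is better kept in the server log with a generic denial returned to the client. On style, `[a.value.upper() for a in actions]` is rebuilt for every matching permission, and `{type(resource).__name__}:{resource.name}` is formatted both here and in the debug line of the previous hunk. Computing `resource_ref = f"{type(resource).__name__}:{resource.name}"` once per resource, and the action list once before the loop, would keep the two messages in step. The body of `enforce_policy` extends beyond both hunks.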