From 390ada8c380c1411d32995c923de4228c9ecea5f Mon Sep 17 00:00:00 2001
From: Imogen Kraak <imogen@tyk.io>
Date: Sun, 9 Nov 2025 21:42:19 +0000
Subject: [PATCH] Improve logging

---
 gateway/mw_jwt.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/gateway/mw_jwt.go b/gateway/mw_jwt.go
index a015514525e..b758df658c7 100644
--- a/gateway/mw_jwt.go
+++ b/gateway/mw_jwt.go
@@ -897,8 +897,10 @@ func (k *JWTMiddleware) processCentralisedJWT(r *http.Request, token *jwt.Token)
 	}
 
 	oauthClientID := ""
-	// Get the OAuth client ID if available:
+	// Get the OAuth client ID if available.
+	// This step is skipped for external IDPs if IDPClientIDMappingDisabled is set to true.
 	if !k.Spec.IDPClientIDMappingDisabled {
+		k.Logger().Debug("IDP client ID mapping enabled, attempting to retrieve OAuth client ID from claims.")
 		oauthClientID = k.getOAuthClientIDFromClaim(claims)
 	}
 
@@ -944,7 +946,8 @@ func (k *JWTMiddleware) processCentralisedJWT(r *http.Request, token *jwt.Token)
 				}
 			}
 		} else {
-			k.Logger().WithError(err).Debug("Couldn't get OAuth client")
+			k.Logger().WithError(err).
+				Warnf("Failed to retrieve OAuth client. For external IDPs, consider disabling IDP client ID mapping for better performance.")
 		}
 	}