Reduce log level to info when no email is found from the OIDC token (#…

…2694) This can happen on public endpoints (in pubapi) where the service is behind IAP but all users (including not-logged-in ones) are allowed. IAP will add an OIDC token with no email field in the request header.
google · Feb 26, 2025 · 5180095 · 5180095
1 parent 9fe64bf
commit 5180095
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java b/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java
@@ -106,7 +106,7 @@ public AuthResult authenticate(HttpServletRequest request) {
 
     String email = (String) token.getPayload().get("email");
     if (email == null) {
-      logger.atWarning().log("No email address from the OIDC token:\n%s", token.getPayload());
+      logger.atInfo().log("No email address from the OIDC token:\n%s", token.getPayload());
       return AuthResult.NOT_AUTHENTICATED;
     }
     Optional<User> maybeUser =