From 3eac4f003d23f5e2e0f3346f1e6b6710e9d87104 Mon Sep 17 00:00:00 2001
From: Lai Jiang <jianglai@google.com>
Date: Wed, 26 Feb 2025 16:22:46 -0500
Subject: [PATCH] Reduce log level to info when no email is found from the OIDC
 token

This can happen on public endpoints (in pubapi) where the service is
behind IAP but all users (including not-logged-in ones) are allowed. IAP
will add an OIDC token with no email field in the request header.
---
 .../registry/request/auth/OidcTokenAuthenticationMechanism.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java b/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java
index 672653d9df6..5b91a9a0ef6 100644
--- a/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java
+++ b/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java
@@ -106,7 +106,7 @@ public AuthResult authenticate(HttpServletRequest request) {
 
     String email = (String) token.getPayload().get("email");
     if (email == null) {
-      logger.atWarning().log("No email address from the OIDC token:\n%s", token.getPayload());
+      logger.atInfo().log("No email address from the OIDC token:\n%s", token.getPayload());
       return AuthResult.NOT_AUTHENTICATED;
     }
     Optional<User> maybeUser =