[ https://issues.redhat.com/browse/WFWIP-280?page=com.atlassian.jira.plugin... ] Darran Lofthouse commented on WFWIP-280: ---------------------------------------- Reviewing the code within SmallRye JWT the primary issue that I actually see is not the content of the error messages i.e. the lack of ID but the level and verbosity of the messages. Under normal operation a server should expect to handle both valid and invalid tokens, although an invalid token is an error it is still normal and so should not result in per request logging so I have raised the following PR to see if they will accept lowering the log levels: - https://github.com/smallrye/smallrye-jwt/pull/156 As a third party project they can reject some / all of these proposed changes. A short term back up could be to turn off SmallRye JWT logging in our default configuration, longer term something that could be interesting to discuss is if internally we could re-map the levels for specific categories. -- This message was sent by Atlassian Jira (v7.13.8#713008)