JWTBroker: move error message (#2330)

This change moves the `LOGGER.error` call when a token cannot be verified from `verify()` to `generateFromToken()`.

On the token generation path, this should be a no-op; however, on the authentication path, this log message was excessive, especially when using mixed authentication since a failure to decode a token is perfectly normal when the token is from an external IDP.

Author: adutra

runtime/service/src/main/java/org/apache/polaris/service/auth/JWTBroker.java

@@ -89,8 +89,8 @@ public String getScope() {
       };
 
     } catch (JWTVerificationException e) {
-      LOGGER.error("Failed to verify the token with error", e);
-      throw new NotAuthorizedException("Failed to verify the token");
+      throw (NotAuthorizedException)
+          new NotAuthorizedException("Failed to verify the token").initCause(e);
     }
   }
 
@@ -115,6 +115,7 @@ public TokenResponse generateFromToken(
     try {
       decodedToken = verify(subjectToken);
     } catch (NotAuthorizedException e) {
+      LOGGER.error("Failed to verify the token", e.getCause());
       return new TokenResponse(Error.invalid_client);
     }
     EntityResult principalLookup =