JWTBroker: move error message

adutra · adutra · commit bdf3a5049864 · 2025-08-12T21:43:12.000+02:00
This change moves the `LOGGER.error` call when a token cannot be verified from `verify()` to `generateFromToken()`.

On the token generation path, this should be a no-op; however, on the authentication path, this log message was excessive, especially when using mixed authentication since a failure to decode a token is perfectly normal when the token is from an external IDP.
diff --git a/runtime/service/src/main/java/org/apache/polaris/service/auth/JWTBroker.java b/runtime/service/src/main/java/org/apache/polaris/service/auth/JWTBroker.java
@@ -89,7 +89,6 @@ public String getScope() {
       };
 
     } catch (JWTVerificationException e) {
-      LOGGER.error("Failed to verify the token with error", e);
       throw new NotAuthorizedException("Failed to verify the token");
     }
   }
@@ -115,6 +114,7 @@ public TokenResponse generateFromToken(
     try {
       decodedToken = verify(subjectToken);
     } catch (NotAuthorizedException e) {
+      LOGGER.error("Failed to verify the token", e.getCause());
       return new TokenResponse(Error.invalid_client);
     }
     EntityResult principalLookup =

Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,6 @@ public String getScope() {`
`89`	`89`	`};`
`90`	`90`
`91`	`91`	`} catch (JWTVerificationException e) {`
`92`		`- LOGGER.error("Failed to verify the token with error", e);`
`93`	`92`	`throw new NotAuthorizedException("Failed to verify the token");`
`94`	`93`	`}`
`95`	`94`	`}`
`@@ -115,6 +114,7 @@ public TokenResponse generateFromToken(`
`115`	`114`	`try {`
`116`	`115`	`decodedToken = verify(subjectToken);`
`117`	`116`	`} catch (NotAuthorizedException e) {`
	`117`	`+ LOGGER.error("Failed to verify the token", e.getCause());`
`118`	`118`	`return new TokenResponse(Error.invalid_client);`
`119`	`119`	`}`
`120`	`120`	`EntityResult principalLookup =`