From 9be4c289d86328e74876920cca42dda95693f11a Mon Sep 17 00:00:00 2001
From: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
Date: Fri, 11 Jun 2021 15:42:43 +0900
Subject: [PATCH] KEYCLOAK-18440 Improve logging for token introspection

---
 .../protocol/oidc/AccessTokenIntrospectionProvider.java        | 3 +++
 .../src/main/java/org/keycloak/protocol/oidc/TokenManager.java | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/services/src/main/java/org/keycloak/protocol/oidc/AccessTokenIntrospectionProvider.java b/services/src/main/java/org/keycloak/protocol/oidc/AccessTokenIntrospectionProvider.java
index f8c4e4ba9d..ea7a429162 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/AccessTokenIntrospectionProvider.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/AccessTokenIntrospectionProvider.java
@@ -18,6 +18,7 @@
 package org.keycloak.protocol.oidc;
 
 import com.fasterxml.jackson.databind.node.ObjectNode;
+import org.jboss.logging.Logger;
 import org.keycloak.TokenVerifier;
 import org.keycloak.common.VerificationException;
 import org.keycloak.crypto.SignatureProvider;
@@ -40,6 +41,7 @@ public class AccessTokenIntrospectionProvider implements TokenIntrospectionProvi
     private final KeycloakSession session;
     private final TokenManager tokenManager;
     private final RealmModel realm;
+    private static final Logger logger = Logger.getLogger(AccessTokenIntrospectionProvider.class);
 
     public AccessTokenIntrospectionProvider(KeycloakSession session) {
         this.session = session;
@@ -90,6 +92,7 @@ public class AccessTokenIntrospectionProvider implements TokenIntrospectionProvi
 
             accessToken = verifier.verify().getToken();
         } catch (VerificationException e) {
+            logger.debugf("JWT check failed: %s", e.getMessage());
             return null;
         }
 
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
index c8085c8fc8..e1bca46d7f 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
@@ -237,6 +237,7 @@ public class TokenManager {
                     .withChecks(NotBeforeCheck.forModel(client), TokenVerifier.IS_ACTIVE)
                     .verify();
         } catch (VerificationException e) {
+            logger.debugf("JWT check failed: %s", e.getMessage());
             return false;
         }
 
@@ -326,6 +327,7 @@ public class TokenManager {
                     .withChecks(NotBeforeCheck.forModel(session ,realm, user))
                     .verify();
         } catch (VerificationException e) {
+            logger.debugf("JWT check failed: %s", e.getMessage());
             return false;
         }
         return true;