From 5180095cb69930602bd70946da5835276b59cd27 Mon Sep 17 00:00:00 2001
From: Lai Jiang <jianglai@google.com>
Date: Wed, 26 Feb 2025 17:17:45 -0500
Subject: [PATCH] Reduce log level to info when no email is found from the OIDC
 token (#2694)

This can happen on public endpoints (in pubapi) where the service is
behind IAP but all users (including not-logged-in ones) are allowed. IAP
will add an OIDC token with no email field in the request header.
---
 .../registry/request/auth/OidcTokenAuthenticationMechanism.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java b/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java
index 672653d9d..5b91a9a0e 100644
--- a/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java
+++ b/core/src/main/java/google/registry/request/auth/OidcTokenAuthenticationMechanism.java
@@ -106,7 +106,7 @@ public abstract class OidcTokenAuthenticationMechanism implements Authentication
 
     String email = (String) token.getPayload().get("email");
     if (email == null) {
-      logger.atWarning().log("No email address from the OIDC token:\n%s", token.getPayload());
+      logger.atInfo().log("No email address from the OIDC token:\n%s", token.getPayload());
       return AuthResult.NOT_AUTHENTICATED;
     }
     Optional<User> maybeUser =