-
Notifications
You must be signed in to change notification settings - Fork 318
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IdentityServer Error LogLevel #1547
Labels
Comments
Thanks for your feedback, I think this makes sense. I'm transferring the issue to the main IdentityServer repo for triage/planning. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Which version of Duende IdentityServer are you using?
IdentityServer 7.0.3
BFF 2.2.0
Which version of .NET are you using?
net8.0
Describe the bug
On a high volume public facing deployment our logs are spammed with IdentityServer Errors which are generated by security scans or wrong user input. The validators used in identityserver are logging all invalid requests as an Error, for example:
AuthorizeRequestValidator
IdentityServer/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs
Line 160 in 3527069
IdentityServer/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs
Line 201 in 3527069
IdentityServer/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs
Line 226 in 3527069
ProtectedDataMessageStore
IdentityServer/src/IdentityServer/Stores/Default/ProtectedDataMessageStore.cs
Line 62 in 3527069
Expected behavior
We would like to request a change that the logging level for these kind of log statements can be configured from Error to Warning so error reporting would not give so much errors due to improper usage / url scanning.
The text was updated successfully, but these errors were encountered: