I am currently using PAC4j v5.4.3 for my Java application, and I am using the default JwtAuthenticator with DirectBasicAuthClient for authenticating API requests. The JWT is set to be expired after 30 mins. When the JWT is expired, we observed quite a few of occurrences of error log like below (until the client application re-login):
2023-02-06T08:02:24.557 ERROR [qtp1368888679-667] org.pac4j.jwt.credentials.authenticator.JwtAuthenticator - The JWT is expired: no profile is built
The error log here caused confusion and false alarm in our logging monitoring system and we do not really want to treat it like a real "error" when the JWT expires.
I thought of creating a simple customized JwtAuthenticator and override the protected method "createJwtProfile()", which I plan to log the corresponding error in either warning/info level.
However, before I proceed with my proposed solution above, I would like to seek for more views and see if there is any other better solution.
