From df3c432ed6e5b47f06970251024fd93038a1e6cd Mon Sep 17 00:00:00 2001
From: David Robertson <davidr@element.io>
Date: Thu, 12 May 2022 17:27:39 +0100
Subject: [PATCH 1/3] Downgrade some OIDC exceptions to warnings

This means we won't get tracebacks reported to Sentry.

There are other `logger.exception` and `logger.error` calls in this
file. I tried to only target errors that

- show up a lot in Sentry
- don't sound like our fault
- are still reported to the end-user by other means.

Closes #12707.
---
 synapse/handlers/oidc.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/synapse/handlers/oidc.py b/synapse/handlers/oidc.py
index f6ffb7d18d91..0710d6a3f552 100644
--- a/synapse/handlers/oidc.py
+++ b/synapse/handlers/oidc.py
@@ -220,11 +220,11 @@ async def handle_oidc_callback(self, request: SynapseRequest) -> None:
                 session, state
             )
         except (MacaroonInitException, MacaroonDeserializationException, KeyError) as e:
-            logger.exception("Invalid session for OIDC callback")
+            logger.warning("Invalid session for OIDC callback: %s", e)
             self._sso_handler.render_error(request, "invalid_session", str(e))
             return
         except MacaroonInvalidSignatureException as e:
-            logger.exception("Could not verify session for OIDC callback")
+            logger.warning("Could not verify session for OIDC callback: %s", e)
             self._sso_handler.render_error(request, "mismatching_session", str(e))
             return
 
@@ -827,7 +827,7 @@ async def handle_oidc_callback(
             logger.debug("Exchanging OAuth2 code for a token")
             token = await self._exchange_code(code)
         except OidcError as e:
-            logger.exception("Could not exchange OAuth2 code")
+            logger.warning("Could not exchange OAuth2 code: %s", e)
             self._sso_handler.render_error(request, e.error, e.error_description)
             return
 

From d186cf5e40172ab19d217470db25696158a2f85a Mon Sep 17 00:00:00 2001
From: David Robertson <davidr@element.io>
Date: Thu, 12 May 2022 17:31:34 +0100
Subject: [PATCH 2/3] Changelog

---
 changelog.d/12723.misc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/12723.misc

diff --git a/changelog.d/12723.misc b/changelog.d/12723.misc
new file mode 100644
index 000000000000..4f5bffeda639
--- /dev/null
+++ b/changelog.d/12723.misc
@@ -0,0 +1 @@
+Downgrade some OIDC errors to warnings in the logs, to reduce the noise of Sentry reports.

From 016fc20f7e91c9f96b3ce9c17e670ac15ed4c0f9 Mon Sep 17 00:00:00 2001
From: David Robertson <davidr@element.io>
Date: Wed, 18 May 2022 16:25:41 +0100
Subject: [PATCH 3/3] Keep MacaroonInitException logged as exceptions

Seems to be a legit application bug. See #12787.
---
 synapse/handlers/oidc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/synapse/handlers/oidc.py b/synapse/handlers/oidc.py
index 0710d6a3f552..9de61d554f41 100644
--- a/synapse/handlers/oidc.py
+++ b/synapse/handlers/oidc.py
@@ -220,7 +220,7 @@ async def handle_oidc_callback(self, request: SynapseRequest) -> None:
                 session, state
             )
         except (MacaroonInitException, MacaroonDeserializationException, KeyError) as e:
-            logger.warning("Invalid session for OIDC callback: %s", e)
+            logger.exception("Invalid session for OIDC callback")
             self._sso_handler.render_error(request, "invalid_session", str(e))
             return
         except MacaroonInvalidSignatureException as e: