We currently warn! on a missing or invalid Heroku secret. We don't do the same thing for Slack bearer tokens, probably because it's implemented in a more shorthand way via ValidateRequestHeaderLayer. We should be logging this because in this type of application any such occurrences are likely to be due to a bug or bad configuration somewhere.
There may be a wider question here about our lack of logging on invalid requests aside from the resultant status code. The client tends to get more information in the body at least.
We currently
warn!on a missing or invalid Heroku secret. We don't do the same thing for Slack bearer tokens, probably because it's implemented in a more shorthand way viaValidateRequestHeaderLayer. We should be logging this because in this type of application any such occurrences are likely to be due to a bug or bad configuration somewhere.There may be a wider question here about our lack of logging on invalid requests aside from the resultant status code. The client tends to get more information in the body at least.