diff --git a/changelog/unreleased/remove-log-secret.md b/changelog/unreleased/remove-log-secret.md
new file mode 100644
index 00000000000..cfdf7925427
--- /dev/null
+++ b/changelog/unreleased/remove-log-secret.md
@@ -0,0 +1,5 @@
+Enhancement: Remove the JWT from the log
+
+We were logging the JWT in some places. Secrets should not be exposed in logs so it got removed.
+
+https://github.com/owncloud/ocis/pull/1758
diff --git a/ocis-pkg/middleware/openidconnect.go b/ocis-pkg/middleware/openidconnect.go
index c983c2fed8f..d33fbd9d680 100644
--- a/ocis-pkg/middleware/openidconnect.go
+++ b/ocis-pkg/middleware/openidconnect.go
@@ -85,7 +85,7 @@ func OpenIDConnect(opts ...ocisoidc.Option) func(http.Handler) http.Handler {
 		}
 		userInfo, err := oidcProvider.UserInfo(customCtx, oauth2.StaticTokenSource(oauth2Token))
 		if err != nil {
-			opt.Logger.Error().Err(err).Str("token", string(token)).Msg("Failed to get userinfo")
+			opt.Logger.Error().Err(err).Msg("Failed to get userinfo")
 			http.Error(w, ErrInvalidToken.Error(), http.StatusUnauthorized)
 			return
 		}
diff --git a/proxy/pkg/middleware/oidc_auth.go b/proxy/pkg/middleware/oidc_auth.go
index e4177060c6b..f05aaef2090 100644
--- a/proxy/pkg/middleware/oidc_auth.go
+++ b/proxy/pkg/middleware/oidc_auth.go
@@ -91,7 +91,7 @@ func (m oidcAuth) getClaims(token string, req *http.Request) (claims oidc.Standa
 			oauth2.StaticTokenSource(oauth2Token),
 		)
 		if err != nil {
-			m.logger.Error().Err(err).Str("token", token).Msg("Failed to get userinfo")
+			m.logger.Error().Err(err).Msg("Failed to get userinfo")
 			status = http.StatusUnauthorized
 			return
 		}
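Review bot: Dropping the `token` field from the error log in openidconnect.go (and the identical line in proxy/pkg/middleware/oidc_auth.go) still leaves `Err(err)` attached, and what `oidcProvider.UserInfo` puts into that error is not visible from this hunk; it is worth confirming that the wrapped error cannot carry the bearer token or the provider's raw response body, since either would put the credential back into the log under a different key. A short comment on the changed line would keep a future debugging change from re-adding the field, e.g. `// the bearer token is a credential; never attach it to log output`. The bodies of OpenIDConnect and getClaims both extend outside their hunks.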