diff --git a/src/Monocle/Api/Server.hs b/src/Monocle/Api/Server.hs
index 3237b4ad1..fe657171a 100644
--- a/src/Monocle/Api/Server.hs
+++ b/src/Monocle/Api/Server.hs
@@ -997,10 +997,14 @@ handleLoggedIn cookieSettings err codeM stateM = do
 let idToken = O.idToken tokens
 dayS = 24 * 3600
 expiry = addUTCTime dayS now
- userId = aUserId oidcEnv idToken
+ (mWarning, userId) = aUserId oidcEnv idToken
 mUidMap = getIdents config $ "AuthProviderUID:" <> userId
 authenticatedUser = AUser mUidMap userId (truncate $ nominalDiffTimeToSeconds $ utcTimeToPOSIXSeconds expiry)
 jwtCfg = localJWTSettings aOIDC
+
+ forM_ mWarning \warning ->
+ logWarn "Could not find oidc_user_claim" ["msg" .= warning, "claims" .= O.otherClaims idToken]
+
 logInfo "OIDCProviderTokenRequested" ["id" .= show @Text idToken]
 -- Here we create the JWT Session Cookie that will be used by the browser to authenticate requests
 mApplyCookies <-
@@ -1027,14 +1031,14 @@ handleLoggedIn cookieSettings err codeM stateM = do
 Just (OIDCState _ (Just uri)) -> uri
 _ -> "/"
 -- Get the Token's claim that identify an unique user
- aUserId :: OIDCEnv -> O.IdTokenClaims Value -> Text
+ aUserId :: OIDCEnv -> O.IdTokenClaims Value -> (Maybe Text, Text)
 aUserId OIDCEnv {providerConfig} idToken = case opUserClaim providerConfig of
 Just uc -> case O.otherClaims idToken of
 Object o -> case AKM.lookup (AK.fromText uc) o of
- Just (String s) -> s
- _ -> defaultUserId
- _ -> defaultUserId
- Nothing -> defaultUserId
+ Just (String s) -> (Nothing, s)
+ _ -> (Just ("Could not find oidc_user_claim " <> uc), defaultUserId)
+ _ -> (Just ("The token other claims is not an object!"), defaultUserId)
+ Nothing -> (Nothing, defaultUserId)
 where
 defaultUserId = sub idToken
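Review bot: The `logWarn` added after `jwtCfg` writes the whole `O.otherClaims idToken` object into the log, so whenever `opUserClaim` names a claim the provider does not send, every extra claim in the ID token (which commonly includes email, name and similar identity attributes) is retained in the warn log on each login; logging only the claim names is enough to diagnose the misconfiguration, e.g. `"claims" .= (case O.otherClaims idToken of Object o -> AKM.keys o; _ -> [])`. The event name `"Could not find oidc_user_claim"` is also emitted when the second hunk's message says the claims were not an object, so it no longer describes the event; a neutral name such as `"OIDCUserClaimFallback"` would cover both messages. The fallback is still fail-open: after the warning the login proceeds with `userId` taken from `sub`, so a typo in the configured claim name silently changes which identity is used for `"AuthProviderUID:" <> userId` instead of rejecting the login, and if the configured claim is meant to be mandatory this should become an error rather than a warning. handleLoggedIn starts before the hunk.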