diff --git a/src/websocket/session.rs b/src/websocket/session.rs
index a796ff1..b48353a 100644
--- a/src/websocket/session.rs
+++ b/src/websocket/session.rs
@@ -1,7 +1,7 @@
 use std::sync::Arc;
 use aes_gcm::{Aes256Gcm, aead::AeadMut};
-use log::info;
+use log::{error, info, warn};
 use p256::elliptic_curve::sec1::{FromEncodedPoint, ToEncodedPoint};
 use rand::Rng;
 use tokio::time::Instant;
@@ -75,11 +75,27 @@ pub(crate) async fn verify_token(
 let keys = { state.jwk_encoding_keys.read().unwrap() };
 for key in keys.iter() {
- if let Ok(token_data) = jsonwebtoken::decode::(token, key, &validation) {
- return Ok(token_data.claims.sub);
+ match jsonwebtoken::decode::(token, key, &validation) {
+ Ok(token_data) => {
+ return Ok(token_data.claims.sub);
+ }
+ Err(e) => {
+ error!("failed to decode jwt: {e:?}");
+ }
 }
 }
+ if let Ok(td) = jsonwebtoken::dangerous::insecure_decode::(token) {
+ let kid = td.header.kid;
+ error!(
+ "Invalid Firebase Token signature or metadata mismatch, kid: {:?}, from {:?} ({:?})",
+ kid.clone(),
+ td.claims.get("name"),
+ td.claims.get("email")
+ );
+ warn!("current token: {token}");
+ }
+
 Err(Box::from(
 "Invalid Firebase Token signature or metadata mismatch",
 ))
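Review bot: `warn!("current token: {token}");` in the second hunk writes the complete bearer token to the log. A token rejected here for a "metadata mismatch" or a stale key set may still be a genuine, unexpired credential, so anyone with log access could replay it; drop the line or log only the `kid`. The `error!` just above it also records `name` and `email` taken from `insecure_decode`, which are unverified, client-supplied values as well as personal data, so logging `kid` alone is enough to diagnose a key mismatch. Inside the loop, `error!("failed to decode jwt: {e:?}");` fires for every key that does not match even when a later key verifies the token, so it should sit below error level or the key should be chosen by the header `kid` first. The body of `verify_token` starts and ends outside this hunk.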