diff --git a/lib/context.js b/lib/context.js
index a872b6cb..2b0198f5 100644
--- a/lib/context.js
+++ b/lib/context.js
@@ -424,6 +424,7 @@ class ResponseContext {
     res.setHeader('cache-control', 'no-store');
     const logoutToken = req.body.logout_token;
     if (!logoutToken) {
+      debug('req.oidc.backchannelLogout() failed due to missing logout token', req.body);
       res.status(400).json({
         error: 'invalid_request',
         error_description: 'Missing logout_token',
@@ -444,6 +445,7 @@ class ResponseContext {
         algorithms: [config.idTokenSigningAlg],
       });
     } catch (e) {
+      debug('req.oidc.backchannelLogout() failed verifying jwt with: %s', e.message);
       res.status(400).json({
         error: 'invalid_request',
         error_description: e.message,
@@ -453,7 +455,7 @@ class ResponseContext {
     try {
       await onToken(token, config);
     } catch (e) {
-      debug('req.oidc.backchannelLogout() failed with: %s', e.message);
+      debug('req.oidc.backchannelLogout() failed logging out the token with: %s', e.message);
       res.status(400).json({
         error: 'application_error',
         error_description: `The application failed to invalidate the session.`,
diff --git a/middleware/auth.js b/middleware/auth.js
index 651342b2..7e2e20b7 100644
--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -22,7 +22,7 @@ const enforceLeadingSlash = (path) => {
  */
 const auth = function (params) {
   const config = getConfig(params);
-  debug('configuration object processed, resulting configuration: %O', config);
+  debug('configuration object processed, resulting configuration: %O', {...config, clientSecret: "REDACTED", secret: "REDACTED"});
   const router = new express.Router();
   const transient = new TransientCookieHandler(config);