IdentityServer Error LogLevel

[ruudhe]

Which version of Duende IdentityServer are you using?
IdentityServer 7.0.3
BFF 2.2.0

Which version of .NET are you using?
net8.0

Describe the bug
On a high volume public facing deployment our logs are spammed with IdentityServer Errors which are generated by security scans or wrong user input. The validators used in identityserver are logging all invalid requests as an Error, for example:

AuthorizeRequestValidator

IdentityServer/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs

Line 160 in 3527069

LogError("client_id is missing or too long", request);

IdentityServer/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs

Line 201 in 3527069

LogError("redirect_uri is missing or too long", request);

IdentityServer/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs

Line 226 in 3527069

LogError("Invalid redirect_uri", redirectUri, request);

ProtectedDataMessageStore

IdentityServer/src/IdentityServer/Stores/Default/ProtectedDataMessageStore.cs

Line 62 in 3527069

Logger.LogError(ex, "Exception reading protected message");

Expected behavior
We would like to request a change that the logging level for these kind of log statements can be configured from Error to Warning so error reporting would not give so much errors due to improper usage / url scanning.

[AndersAbel]

Thanks for your feedback, I think this makes sense. I'm transferring the issue to the main IdentityServer repo for triage/planning.