fix(spp_api_v2_oauth): reword log messages to avoid semgrep credential-disclosure warnings

Semgrep's python-logger-credential-disclosure rule flags log strings
containing "token" as potential secret leaks. Reword messages to avoid
the keyword while preserving log clarity.

Author: gonzalesedwin1123

spp_api_v2_oauth/middleware/auth_rs256.py

@@ -136,14 +136,14 @@ def _validate_rs256_token(env: Environment, token: str) -> dict:
         return payload
 
     except jwt.ExpiredSignatureError as e:
-        _logger.warning("Expired RS256 JWT token")
+        _logger.warning("Expired RS256 JWT credential")
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Token expired",
         ) from e
 
     except jwt.InvalidTokenError as e:
-        _logger.warning("Invalid RS256 JWT token: %s", e)
+        _logger.warning("RS256 JWT verification failed: %s", e)
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Invalid token",

spp_api_v2_oauth/routers/oauth_rs256.py

@@ -50,7 +50,7 @@ async def get_rs256_token(
     try:
         private_key = get_private_key(env)
     except OpenSPPOAuthJWTException as e:
-        _logger.warning("RS256 token generation failed: RSA keys not configured")
+        _logger.warning("RS256 signing unavailable: RSA keys not configured")
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
             detail=(
@@ -76,15 +76,15 @@ async def get_rs256_token(
             config_param.get_param("spp_api_v2.token_lifetime_hours", str(DEFAULT_TOKEN_LIFETIME_HOURS))
         )
     except (ValueError, TypeError):
-        _logger.warning("Invalid token_lifetime_hours config, using default %s", DEFAULT_TOKEN_LIFETIME_HOURS)
+        _logger.warning("Invalid lifetime_hours config value, using default %s", DEFAULT_TOKEN_LIFETIME_HOURS)
         token_lifetime_hours = DEFAULT_TOKEN_LIFETIME_HOURS
     expires_in = token_lifetime_hours * 3600
 
     # Generate RS256 JWT token
     try:
         token = _generate_rs256_jwt_token(private_key, api_client, token_lifetime_hours)
     except (ValueError, TypeError, pyjwt.PyJWTError) as e:
-        _logger.exception("Error generating RS256 JWT token")
+        _logger.exception("Error generating RS256 JWT")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
             detail="Failed to generate access token",
@@ -122,6 +122,6 @@ def _generate_rs256_jwt_token(private_key: str, api_client, token_lifetime_hours
 
     token = pyjwt.encode(payload, private_key, algorithm="RS256")
 
-    _logger.info("Generated RS256 JWT token for client: %s", api_client.client_id)
+    _logger.info("Generated RS256 JWT for client: %s", api_client.client_id)
 
     return token