diff --git a/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs b/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
index 7993874..8d6ca32 100644
--- a/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
+++ b/NDB.Security.Authentication.Identity/IdentityAuthenticationHandler.cs
@@ -4,13 +4,14 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using NDB.Security.Authentication.Identity.Abstractions;
-using c = NDB.Security.Authentication.Identity.Constants;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http.Headers;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using c = NDB.Security.Authentication.Identity.Constants;
 
 namespace NDB.Security.Authentication.Identity
 {
@@ -18,12 +19,14 @@ namespace NDB.Security.Authentication.Identity
     {
         private readonly IIdentityService _identityService;
         private readonly IAuthenticationOptions _authenticationOptions;
+        private readonly ILogger<IdentityAuthenticationHandler> _logger;
 
-        public IdentityAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, IIdentityService identityService, IAuthenticationOptions authenticationOptions)
-            : base(options, logger, encoder, clock)
+        public IdentityAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory loggerFactory, UrlEncoder encoder, ISystemClock clock, IIdentityService identityService, IAuthenticationOptions authenticationOptions, ILogger<IdentityAuthenticationHandler> logger)
+            : base(options, loggerFactory, encoder, clock)
         {
             _identityService = identityService;
             _authenticationOptions = authenticationOptions;
+            _logger = logger;
         }
 
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
@@ -36,8 +39,9 @@ namespace NDB.Security.Authentication.Identity
                 {
                     tokenCore = await _identityService.Authorize(token);
                 }
-                catch
+                catch (Exception e)
                 {
+                    _logger.LogError(e, "Identity service authorization failed");
                     return AuthenticateResult.Fail("Invalid authorization");
                 }
 
@@ -67,7 +71,7 @@ namespace NDB.Security.Authentication.Identity
                 return token;
             }
 
-            if (_authenticationOptions.AcceptTokenFromQuery 
+            if (_authenticationOptions.AcceptTokenFromQuery
                 && Request.Query.Count > 0
                 && Request.Query.ContainsKey(c.QueryParams.Token))
             {