diff --git a/src/oidc.js b/src/oidc.js
index 690714e5d..8f79870eb 100644
--- a/src/oidc.js
+++ b/src/oidc.js
@@ -63,8 +63,6 @@ async function clientsAdd(id, data) {
     assert.strictEqual(typeof data.appId, 'string');
     assert(data.tokenSignatureAlgorithm === 'RS256' || data.tokenSignatureAlgorithm === 'EdDSA');
 
-    debug(`clientsAdd: id:${id} secret:${data.secret} name:${data.name} appId:${data.appId} loginRedirectUri:${data.loginRedirectUri} logoutRedirectUri:${data.logoutRedirectUri} tokenSignatureAlgorithm:${data.tokenSignatureAlgorithm}`);
-
     const query = `INSERT INTO ${OIDC_CLIENTS_TABLE_NAME} (id, secret, name, appId, loginRedirectUri, logoutRedirectUri, tokenSignatureAlgorithm) VALUES (?, ?, ?, ?, ?, ?, ?)`;
     const args = [ id, data.secret, data.name, data.appId, data.loginRedirectUri, data.logoutRedirectUri, data.tokenSignatureAlgorithm ];
 
@@ -76,8 +74,6 @@ async function clientsAdd(id, data) {
 async function clientsGet(id) {
     assert.strictEqual(typeof id, 'string');
 
-    debug(`clientsGet: id:${id}`);
-
     const result = await database.query(`SELECT ${OIDC_CLIENTS_FIELDS} FROM ${OIDC_CLIENTS_TABLE_NAME} WHERE id = ?`, [ id ]);
     if (result.length === 0) return null;
 
@@ -93,8 +89,6 @@ async function clientsUpdate(id, data) {
     assert.strictEqual(typeof data.appId, 'string');
     assert(data.tokenSignatureAlgorithm === 'RS256' || data.tokenSignatureAlgorithm === 'EdDSA');
 
-    debug(`clientsUpdate: id:${id} secret:${data.secret} name:${data.name} appId:${data.appId} loginRedirectUri:${data.loginRedirectUri} logoutRedirectUri:${data.logoutRedirectUri} tokenSignatureAlgorithm:${data.tokenSignatureAlgorithm}`);
-
     const result = await database.query(`UPDATE ${OIDC_CLIENTS_TABLE_NAME} SET secret=?, name=?, appId=?, loginRedirectUri=?, logoutRedirectUri=?, tokenSignatureAlgorithm=? WHERE id = ?`, [ data.secret, data.name, data.appId, data.loginRedirectUri, data.logoutRedirectUri, data.tokenSignatureAlgorithm, id]);
     if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'client not found');
 }
@@ -148,7 +142,7 @@ function save(modelName) {
     try {
         fs.writeFileSync(filePath, JSON.stringify(DATA_STORE[modelName]), 'utf8');
     } catch (e) {
-        debug(`revokeByUserId: failed to write ${filePath}`, e);
+        debug(`save: failed to write ${filePath}`, e);
     }
 }
 
@@ -159,8 +153,6 @@ function save(modelName) {
 async function revokeByUserId(userId) {
     assert.strictEqual(typeof userId, 'string');
 
-    debug(`revokeByUserId: userId:${userId}`);
-
     function revokeObjects(modelName) {
         load(modelName);
 
@@ -195,7 +187,7 @@ class CloudronAdapter {
     constructor(name) {
         this.name = name;
 
-        debug(`Creating storage adapter for ${name}`);
+        debug(`Creating OpenID storage adapter for ${name}`);
 
         if (this.name !== 'Client') {
             load(name);
@@ -215,8 +207,6 @@ class CloudronAdapter {
      *
      */
     async upsert(id, payload, expiresIn) {
-        debug(`[${this.name}] upsert id:${id} expiresIn:${expiresIn}`, payload);
-
         if (this.name === 'Client') {
             debug('upsert: this should not happen as it is stored in our db');
         } else {
@@ -236,8 +226,6 @@ class CloudronAdapter {
      *
      */
     async find(id) {
-        debug(`[${this.name}] find id:${id}`);
-
         if (this.name === 'Client') {
             const [error, client] = await safe(clientsGet(id));
             if (error) {
@@ -246,8 +234,6 @@ class CloudronAdapter {
             }
             if (!client) return null;
 
-            debug(`[${this.name}] find id:${id}`, client);
-
             const tmp = {};
             tmp.application_type = 'native';  // default is web but we want more flexible redirectUris and this is only used in https://github.com/panva/node-oidc-provider/blob/03c9bc513860e68ee7be84f99bfc9dc930b224e8/lib/helpers/client_schema.js#L53
             tmp.client_id = id;
@@ -276,8 +262,6 @@ class CloudronAdapter {
         } else {
             if (!DATA_STORE[this.name][id]) return null;
 
-            debug(`[${this.name}] find id:${id}`, DATA_STORE[this.name][id]);
-
             return DATA_STORE[this.name][id].payload;
         }
     }
@@ -308,8 +292,6 @@ class CloudronAdapter {
      *
      */
     async findByUid(uid) {
-        debug(`[${this.name}] findByUid uid:${uid}`);
-
         if (this.name === 'Client') {
             debug('findByUid: this should not happen as it is stored in our db');
         } else {
@@ -333,8 +315,6 @@ class CloudronAdapter {
      *
      */
     async consume(id) {
-        debug(`[${this.name}] consume id:${id}`);
-
         if (this.name === 'Client') {
             debug('consume: this should not happen as it is stored in our db');
         } else {
@@ -354,8 +334,6 @@ class CloudronAdapter {
      *
      */
     async destroy(id) {
-        debug(`[${this.name}] destroy id:${id}`);
-
         if (this.name === 'Client') {
             debug('destroy: this should not happen as it is stored in our db');
         } else {
@@ -375,8 +353,6 @@ class CloudronAdapter {
      *
      */
     async revokeByGrantId(grantId) {
-        debug(`[${this.name}] revokeByGrantId grantId:${grantId}`);
-
         if (this.name === 'Client') {
             debug('revokeByGrantId: this should not happen as it is stored in our db');
         } else {
@@ -400,8 +376,6 @@ function renderInteractionPage(provider) {
         try {
             const { uid, prompt, params, session } = await provider.interactionDetails(req, res);
 
-            debug(`route interaction get uid:${uid} prompt.name:${prompt.name} client_id:${params.client_id} session:${session}`);
-
             const client = await clientsGet(params.client_id);
 
             switch (prompt.name) {
@@ -450,12 +424,9 @@ function interactionLogin(provider) {
         const [detailsError, details] = await safe(provider.interactionDetails(req, res));
         if (detailsError) return next(new HttpError(500, detailsError));
 
-        const uid = details.uid;
         const prompt = details.prompt;
         const name = prompt.name;
 
-        debug(`route interaction login post uid:${uid} prompt.name:${name}`);
-
         assert.equal(name, 'login');
 
         if (!req.body.username || typeof req.body.username !== 'string') return next(new HttpError(400, 'A username must be non-empty string'));
@@ -562,8 +533,6 @@ function interactionAbort(provider) {
     assert.strictEqual(typeof provider, 'object');
 
     return async function (req, res, next) {
-        debug('route interaction abort');
-
         try {
             const result = {
                 error: 'access_denied',
@@ -585,8 +554,6 @@ function interactionAbort(provider) {
    *   or not return them in id tokens but only userinfo and so on.
    */
 async function claims(userId, use, scope) {
-    debug(`claims: userId:${userId} use:${use} scope:${scope}`);
-
     const [error, user] = await safe(users.get(userId));
     if (error) return { error: 'user not found' };
 
@@ -606,8 +573,6 @@ async function claims(userId, use, scope) {
         preferred_username: user.username
     };
 
-    debug(`claims: userId:${userId} result`, claims);
-
     return claims;
 }
 
@@ -632,8 +597,6 @@ async function postLogoutSuccessSource(ctx) {
 }
 
 async function findAccount(ctx, id) {
-    debug(`findAccount id:${id}`);
-
     return {
         accountId: id,
         async claims(use, scope) { return await claims(id, use, scope); },