diff --git a/go/cmd/dolt/commands/sqlserver/metrics_auth.go b/go/cmd/dolt/commands/sqlserver/metrics_auth.go
index 0965d3c10c..7b2b3c6083 100644
--- a/go/cmd/dolt/commands/sqlserver/metrics_auth.go
+++ b/go/cmd/dolt/commands/sqlserver/metrics_auth.go
@@ -17,6 +17,7 @@ package sqlserver
 import (
 "errors"
 "fmt"
+ "strings"
 "time"
 "github.com/sirupsen/logrus"
@@ -45,12 +46,16 @@ func validateJWT(jwksConfig *servercfg.JwksConfig, token string, reqTime time.Ti
 return false, nil, fmt.Errorf("unable to validate JWT token: %w", err)
 }
- logString := "Metrics Auth with JWT: "
- for _, field := range jwksConfig.FieldsToLog {
- logString += fmt.Sprintf("%s: %s,", field, getClaimFromKey(privClaims, field))
+ if pr.Subject != privClaims.Subject {
+ return false, nil, fmt.Errorf("JWT token subject does not match subject claim")
 }
- logrus.Info(logString)
+ var keyValPairs []string
+ for _, field := range jwksConfig.FieldsToLog {
+ keyValPairs = append(keyValPairs, fmt.Sprintf("'%s': '%s'", field, getClaimFromKey(privClaims, field))
+ }
+
+ logrus.Info("Metrics Auth with JWT: " + strings.Join(keyValPairs, ", "))
 return true, privClaims, nil
 }
diff --git a/go/cmd/dolt/commands/sqlserver/server.go b/go/cmd/dolt/commands/sqlserver/server.go
index 6b025ddfbf..9dace1ae0d 100644
--- a/go/cmd/dolt/commands/sqlserver/server.go
+++ b/go/cmd/dolt/commands/sqlserver/server.go
@@ -632,7 +632,7 @@ func ConfigureServices(
 valid, _, err := validateJWT(jwksConfig, strings.TrimPrefix(auth, "Bearer "), time.Now())
 if err != nil {
- logrus.Warnf("JWT validation error for /metrics: %w", err)
+ logrus.Warnf("JWT validation error for /metrics: %v", err)
 http.Error(w, "auth failed", http.StatusUnauthorized)
 return
 } else if !valid {
diff --git a/go/libraries/doltcore/servercfg/yaml_config_test.go b/go/libraries/doltcore/servercfg/yaml_config_test.go
index 74e1505553..42678dc997 100644
--- a/go/libraries/doltcore/servercfg/yaml_config_test.go
+++ b/go/libraries/doltcore/servercfg/yaml_config_test.go
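Review bot: The added `keyValPairs = append(...)` line in the second metrics_auth.go hunk has three opening parentheses and only two closing ones as shown on this page, so the new logging loop would not compile unless the page lost a character. The same line wraps each claim value in single quotes with `%s`, which does not escape quotes or newlines inside a claim, so a value containing either can break the field boundaries of the log line; `%q` quotes and escapes in one step: `keyValPairs = append(keyValPairs, fmt.Sprintf("%q: %q", field, getClaimFromKey(privClaims, field)))`. The new subject check compares `pr.Subject` with `privClaims.Subject`, and `pr` is defined outside the hunk, so whether two empty subjects are meant to pass cannot be judged from here. validateJWT starts above the hunk.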
@@ -64,9 +64,9 @@ metrics:
 name: jwks_name
 location_url: https://website.com
 claims:
- field1: a
- field2: b
- fields_to_log: [field1, field2]
+ iss: dolthub.com
+ aud: metrics
+ fields_to_log: [iss, aud]
 user_session_vars:
 - name: user0
@@ -121,10 +121,10 @@ jwks:
 Name: "jwks_name",
 LocationUrl: "https://website.com",
 Claims: map[string]string{
- "field1": "a",
- "field2": "b",
+ "iss": "dolthub.com",
+ "aud": "metrics",
 },
- FieldsToLog: []string{"field1", "field2"},
+ FieldsToLog: []string{"iss", "aud"},
 },
 }
 expected.DataDirStr = ptr("some nonsense")