diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go
index acf20f1..be116c5 100644
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -73,8 +73,6 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
 		return
 	}
 
-	tlog.App.Debug().Interface("session", session).Msg("Created new OAuth session")
-
 	authUrl, err := controller.auth.GetOAuthURL(sessionId)
 
 	if err != nil {
@@ -145,8 +143,6 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 	c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
 
 	code := c.Query("code")
-
-	tlog.App.Debug().Str("code", code).Str("state", state).Msg("Received OAuth callback")
 	_, err = controller.auth.GetOAuthToken(sessionIdCookie, code)
 
 	if err != nil {
diff --git a/internal/service/auth_service.go b/internal/service/auth_service.go
index 90a2aec..05a5548 100644
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -671,7 +671,6 @@ func (auth *AuthService) CleanupOAuthSessionsRoutine() {
 
 	for range ticker.C {
 		auth.oauthMutex.Lock()
-		defer auth.oauthMutex.Unlock()
 
 		now := time.Now()
 
@@ -680,6 +679,8 @@ func (auth *AuthService) CleanupOAuthSessionsRoutine() {
 				delete(auth.oauthPendingSessions, sessionId)
 			}
 		}
+
+		auth.oauthMutex.Unlock()
 	}
 }
 
diff --git a/internal/service/oauth_service.go b/internal/service/oauth_service.go
index fc478a8..76f5a92 100644
--- a/internal/service/oauth_service.go
+++ b/internal/service/oauth_service.go
@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/steveiliop56/tinyauth/internal/config"
-	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
 	"golang.org/x/oauth2"
 )
 
@@ -70,7 +69,6 @@ func (s *OAuthService) GetAuthURL(state string, verifier string) string {
 }
 
 func (s *OAuthService) GetToken(code string, verifier string) (*oauth2.Token, error) {
-	tlog.App.Debug().Str("code", code).Str("verifier", verifier).Msg("Exchanging code for token")
 	return s.config.Exchange(s.ctx, code, oauth2.VerifierOption(verifier))
 }