Keegan Caruso committed Jul 20, 2023
commit 7d0bc0b59778b41b6283f0872e1770fd83575ba1
6 changes: 4 additions & 2 deletions src/Security/Authentication/JwtBearer/src/JwtBearerOptions.cs
Expand Up @@ -142,7 +142,7 @@ public JwtBearerOptions()
public bool IncludeErrorDetails { get; set; } = true;

/// <summary>
/// Gets or sets the <see cref="MapInboundClaims"/> property on the default instance of <see cref="JwtSecurityTokenHandler"/> in SecurityTokenValidators, or <see cref="JsonWebTokenHandler"/> in TokenHandlers which is used when determining
/// Gets or sets the <see cref="MapInboundClaims"/> property on the default instance of <see cref="JwtSecurityTokenHandler"/> in SecurityTokenValidators, or <see cref="JsonWebTokenHandler"/> in TokenHandlers, which is used when determining
/// whether or not to map claim types that are extracted when validating a <see cref="JwtSecurityToken"/> or a <see cref="JsonWebToken"/>.
/// <para>If this is set to true, the Claim Type is set to the JSON claim 'name' after translating using this mapping. Otherwise, no mapping occurs.</para>
/// <para>The default value is true.</para>
Expand Down Expand Up @@ -178,10 +178,12 @@ public bool MapInboundClaims
/// Gets or sets whether <see cref="TokenHandlers"/> or <see cref="SecurityTokenValidators"/> will be used to validate the inbound token.
/// </summary>
/// <remarks>
/// The advantage of using TokenHandlers are:
/// The advantages of using TokenHandlers are:
/// <para>There is an Async model.</para>
/// <para>The default token handler is a <see cref="JsonWebTokenHandler"/> which is faster than a <see cref="JwtSecurityTokenHandler"/>.</para>
/// <para>There is an ability to make use of a Last-Known-Good model for metadata that protects applications when metadata is published with errors.</para>
/// SecurityTokenValidators can be used when <see cref="TokenValidatedContext.SecurityToken"/> needs a <see cref="JwtSecurityToken"/>.
/// When using TokenHandlers, <see cref="TokenValidatedContext.SecurityToken"/> will be a <see cref="JsonWebToken"/>.
/// </remarks>
public bool UseSecurityTokenValidators { get; set; }
}
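Review bot: The remarks on `UseSecurityTokenValidators` name the token type each path produces but do not say what that means for existing event handlers. Code in `OnTokenValidated` that does `context.SecurityToken as JwtSecurityToken` gets null on the TokenHandlers path, so any claim or header check behind that cast can be skipped without an error. I would add a sentence such as `/// Handlers that cast <see cref="TokenValidatedContext.SecurityToken"/> to <see cref="JwtSecurityToken"/> must be updated, or set this property to true.` and state the default the way `MapInboundClaims` does. The property has no initializer here, so the default is presumably false unless the constructor outside this hunk sets it. The same applies to the parallel remarks on `UseSecurityTokenValidator` and `UseSecurityTokenHandlers` in the later sections.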
Expand Up @@ -168,6 +168,6 @@ internal static partial class LoggingExtensions
[LoggerMessage(56, LogLevel.Error, "Unable to validate the 'id_token', no suitable TokenHandler was found for: '{IdToken}'.", EventName = "UnableToValidateIdTokenFromHandler")]
public static partial void UnableToValidateIdTokenFromHandler(this ILogger logger, string idToken);

[LoggerMessage(57, LogLevel.Error, "The Validated Security Token must be of type JsonWebToken, but instead its type is: '{SecurityTokenType}'", EventName = "InvalidSecurityTokenTypeFromHandler")]
public static partial void InvalidSecurityTokenTypeFromHandler(this ILogger logger, string? securityTokenType);
[LoggerMessage(57, LogLevel.Error, "The Validated Security Token must be of type JsonWebToken, but instead its type is: '{SecurityTokenType}.'", EventName = "InvalidSecurityTokenTypeFromHandler")]
public static partial void InvalidSecurityTokenTypeFromHandler(this ILogger logger, Type? securityTokenType);
}
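Review bot: `UnableToValidateIdTokenFromHandler` (event 56, a context line in this hunk) writes the complete `id_token` into an Error-level log entry through `'{IdToken}'`. An ID token carries the user's identity claims and may still be accepted elsewhere, so anyone with log access would see it. Consider logging a non-sensitive descriptor such as the token length or a hash, or dropping the placeholder; what the caller actually passes is outside this view. Separately, in the message that takes `Type? securityTokenType` the full stop sits inside the quotes, `'{SecurityTokenType}.'`, so the type name is logged with a trailing dot; it should read `'{SecurityTokenType}'.`.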
Expand Up @@ -740,7 +740,7 @@ protected override async Task<HandleRequestResult> HandleRemoteAuthenticateAsync
}
else
{
tokenEndpointUser = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out tokenEndpointJwt);
tokenEndpointUser = ValidateToken(tokenEndpointResponse.IdToken, properties, validationParameters, out tokenEndpointJwt);
}

// Avoid reading & deleting the nonce cookie, running the event, etc, if it was already done as part of the authorization response validation.
Expand Down Expand Up @@ -1355,7 +1355,7 @@ private async Task<TokenValidationResult> ValidateTokenUsingHandlerAsync(string

if (validatedToken is not JsonWebToken)
{
Logger.InvalidSecurityTokenTypeFromHandler(validatedToken?.GetType().ToString());
Logger.InvalidSecurityTokenTypeFromHandler(validatedToken?.GetType());
throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.ValidatedSecurityTokenNotJsonWebToken, validatedToken?.GetType()));
}

Expand Up @@ -269,7 +269,7 @@ public override void Validate()
/// <summary>
/// Gets or sets the <see cref="TokenHandler"/> used to validate identity tokens.
/// <para>
/// This will be used instead of <see cref="SecurityTokenValidator"/> if <see cref="UseSecurityTokenValidator"/> is <see langword="false"/>
/// This will be used instead of <see cref="SecurityTokenValidator"/> if <see cref="UseSecurityTokenValidator"/> is <see langword="false"/>.
/// </para>
/// </summary>
public TokenHandler TokenHandler { get; set; }
Expand Down Expand Up @@ -392,5 +392,13 @@ public bool MapInboundClaims
/// <summary>
/// Gets or sets whether to use the <see cref="TokenHandler"/> or the <see cref="SecurityTokenValidator"/> for validating identity tokens.
/// </summary>
/// <remarks>
/// The advantages of using TokenHandler are:
/// <para>There is an Async model.</para>
/// <para>The default token handler is a <see cref="JsonWebTokenHandler"/> which is faster than a <see cref="JwtSecurityTokenHandler"/>.</para>
/// <para>There is an ability to make use of a Last-Known-Good model for metadata that protects applications when metadata is published with errors.</para>
/// SecurityTokenValidator can be used when <see cref="TokenValidatedContext.SecurityToken"/> needs a <see cref="JwtSecurityToken"/>.
/// When using TokenHandler, <see cref="TokenValidatedContext.SecurityToken"/> will be a <see cref="JsonWebToken"/>.
/// </remarks>
public bool UseSecurityTokenValidator { get; set; }
}
Expand Up @@ -136,7 +136,7 @@
<value>Cannot process the message. Both id_token and code are missing.</value>
</data>
<data name="ValidatedSecurityTokenNotJsonWebToken" xml:space="preserve">
<value>The Validated Security Token must be of type JsonWebToken, but instead its tye is '{0}'.</value>
<value>The Validated Security Token must be of type JsonWebToken, but instead its type is '{0}'.</value>
</data>
<data name="UnableToValidateTokenFromHandler" xml:space="preserve">
<value>Unable to validate the 'id_token', no suitable TokenHandler was found for: '{0}'."</value>
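Review bot: The `UnableToValidateTokenFromHandler` value just below the corrected typo ends in a stray double quote, `'{0}'."`, which will appear verbatim in any message built from it; it should end `'{0}'.`. The `<data>` element continues past the end of this hunk. Judging by the matching log message, the `{0}` argument appears to be the raw id_token, so this string may also carry the token into exception text and whatever records it.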
Expand Up @@ -402,7 +402,6 @@ private void RequestRefresh(Exception exception)
{
Options.ConfigurationManager.RequestRefresh();
}

}

/// <summary>
Expand Up @@ -204,10 +204,12 @@ public TokenValidationParameters TokenValidationParameters
/// Gets or sets whether <see cref="TokenHandlers"/> or <see cref="SecurityTokenHandlers"/> will be used to validate the inbound token.
/// </summary>
/// <remarks>
/// The advantage of using the TokenHandlers are:
/// The advantages of using the TokenHandlers are:
/// <para>There is an Async model.</para>
/// <para>The default token handler for JsonWebTokens is a <see cref="JsonWebTokenHandler"/> which is faster than a <see cref="JwtSecurityTokenHandler"/>.</para>
/// <para>There is an ability to make use of a Last-Known-Good model for metadata that protects applications when metadata is published with errors.</para>
/// SecurityTokenHandlers can be used when <see cref="SecurityTokenValidatedContext.SecurityToken"/> needs a <see cref="JwtSecurityToken"/> when the security token is a JWT.
/// When using TokenHandlers, <see cref="SecurityTokenValidatedContext.SecurityToken"/> will be a <see cref="JsonWebToken"/> when the security token is a JWT.
/// </remarks>
public bool UseSecurityTokenHandlers { get; set; }
}