JwtBearerHandler logs the provided token when SecurityTokenValidators are not able to read the token

[vh-vahan]

I can see the following being logged -
Bearer was not authenticated. Failure message: No SecurityTokenValidator available for token: "the provided access token"

JwtBearerHandler returns this error here when none of the SecurityTokenValidators can handle the provided token

aspnetcore/src/Security/Authentication/JwtBearer/src/JwtBearerHandler.cs

Line 184 in 0f37ede

return AuthenticateResult.Fail("No SecurityTokenValidator available for token: " + token ?? "[null]");

and the AuthenticationHandler logs the error -

aspnetcore/src/Security/Authentication/Core/src/AuthenticationHandler.cs

Line 219 in 0f37ede

Logger.AuthenticationSchemeNotAuthenticatedWithFailure(Scheme.Name, result.Failure.Message);

aspnetcore/src/Security/Authentication/Core/src/LoggingExtensions.cs

Line 39 in cb9ed02

_authenticationSchemeNotAuthenticatedWithFailure = LoggerMessage.Define<string, string>(

_authenticationSchemeNotAuthenticatedWithFailure = LoggerMessage.Define<string, string>( eventId: new EventId(7, "AuthenticationSchemeNotAuthenticatedWithFailure"), logLevel: LogLevel.Information, formatString: "{AuthenticationScheme} was not authenticated. Failure message: {FailureMessage}");

Seeing that it contains PII wondering if the token should be removed from the logged message.

[blowdart]

Addressed in #35246