MW feedback

Author: stephmarie17

source/fundamentals/enterprise-auth.txt

@@ -129,7 +129,7 @@ authentication mechanism to authenticate to various platforms.
 To learn more about the MONGODB-OIDC authentication mechanism, see
 :manual:`OpenID Connect Authentication </core/security-oidc/>` and
 :manual:`MongoDB Server Parameters </reference/parameters/#mongodb-parameter-param.oidcIdentityProviders>`
-in the server manual.
+in the {+server+} manual.
 
 .. _rust-mongodb-oidc-azure-imds:
 
@@ -142,17 +142,21 @@ If your application runs on an Azure VM, or otherwise uses the
 built-in Azure support.
 
 You can configure OIDC for Azure IMDS by setting the ``mechanism`` field of your
-``Credential`` struct to ``AuthMechanism::MongoDBOidc``. The following example
-specifies the authentication mechanism by using the following placeholders:
+``Credential`` struct to ``AuthMechanism::MongoDBOidc``. Then, specify the
+authentication mechanism by seting the following values in the
+``mechanism_properties`` field:
 
 - ``username``:  If you're using an Azure managed identity, set this to the
   client ID of the managed identity. If you're using a service principal to
   represent an enterprise application, set this to the application ID of the
   service principal.
 - ``mechanism_properties``: Set the ``ENVIRONMENT`` property to ``azure`` and
-  the ``TOKEN_RESOURCE`` to with the value of the audience parameter configured
+  the ``TOKEN_RESOURCE`` to the value of the audience parameter configured
   on your MongoDB deployment.
 
+The following code example shows how to set these options when creating a
+``Client``:
+
 .. literalinclude:: /includes/fundamentals/code-snippets/enterprise-auth.rs
    :language: rust
    :dedent:
@@ -194,16 +198,15 @@ The following code example shows how to set these options when creating a
 Custom Callback
 ~~~~~~~~~~~~~~~
 
-The {+driver-short+} doesn't offer built-in support for all platforms,
-including the AWS Elastic Kubernetes Service (EKS). To authenticate
-against unsupported platforms, you must define a custom callback
-function to use OIDC to authenticate.
+The {+driver-short+} doesn't offer built-in support for all platforms, including
+the AWS Elastic Kubernetes Service (EKS). To use OIDC to authenticate against
+unsupported platforms, you must define a custom callback function.
 
-The following example defines a custom callback for an EKS cluster with a
-configured Identity and Access Management (IAM) OIDC provider. The access token
-is read from a path set in the ``AWS_WEB_IDENTITY_TOKEN_FILE`` environment
-variable. Then, you can set the ``oidc_callback`` field of your ``Credential``
-struct to ``oidc::Callback::machine``:
+First, define a custom callback for an EKS cluster with a configured Identity
+and Access Management (IAM) OIDC provider. Then, read the access token from a
+path set in the ``AWS_WEB_IDENTITY_TOKEN_FILE`` environment variable. Finally,
+set the ``oidc_callback`` field of your ``Credential`` struct to
+``oidc::Callback::machine`` as shown in the following example:
 
 .. literalinclude:: /includes/fundamentals/code-snippets/enterprise-auth.rs
    :language: rust
@@ -220,8 +223,9 @@ following process:
 
 1. The driver retrieves the Identity Provider Information (IDPInfo) for the
    provided username.
-2. The callback negotiates with the IDP to obtain an ``AccessToken``, possible
-   ``RefreshToken``, and any timeouts, then returns them.
+#. The callback negotiates with the IDP to obtain an ``AccessToken``, and any
+   potential ``RefreshToken`` and timeout values, if configured, then returns
+   them.
 
 The following example defines a custom callback to handle workforce identity.
 The callback retrieves the IDPInfo for the provided username and negotiates with