diff --git a/src/Core/Auth/Models/Api/Request/Accounts/RegisterSendVerificationEmailRequestModel.cs b/src/Core/Auth/Models/Api/Request/Accounts/RegisterSendVerificationEmailRequestModel.cs index 1b8152ce74..75a4da081a 100644 --- a/src/Core/Auth/Models/Api/Request/Accounts/RegisterSendVerificationEmailRequestModel.cs +++ b/src/Core/Auth/Models/Api/Request/Accounts/RegisterSendVerificationEmailRequestModel.cs @@ -7,9 +7,8 @@ namespace Bit.Core.Auth.Models.Api.Request.Accounts; public class RegisterSendVerificationEmailRequestModel { [StringLength(50)] public string? Name { get; set; } - [Required] [StrictEmailAddress] [StringLength(256)] - public string Email { get; set; } + public required string Email { get; set; } public bool ReceiveMarketingEmails { get; set; } } diff --git a/src/Core/Auth/Models/Api/Request/Accounts/RegisterVerificationEmailClickedRequestModel.cs b/src/Core/Auth/Models/Api/Request/Accounts/RegisterVerificationEmailClickedRequestModel.cs index 4de8d563c8..e33df6fc3a 100644 --- a/src/Core/Auth/Models/Api/Request/Accounts/RegisterVerificationEmailClickedRequestModel.cs +++ b/src/Core/Auth/Models/Api/Request/Accounts/RegisterVerificationEmailClickedRequestModel.cs @@ -6,12 +6,10 @@ namespace Bit.Core.Auth.Models.Api.Request.Accounts; public class RegisterVerificationEmailClickedRequestModel { - [Required] [StrictEmailAddress] [StringLength(256)] - public string Email { get; set; } + public required string Email { get; set; } - [Required] - public string EmailVerificationToken { get; set; } + public required string EmailVerificationToken { get; set; } } diff --git a/src/Core/Auth/Services/Implementations/AuthRequestService.cs b/src/Core/Auth/Services/Implementations/AuthRequestService.cs index e59177d9fd..a27112425b 100644 --- a/src/Core/Auth/Services/Implementations/AuthRequestService.cs +++ b/src/Core/Auth/Services/Implementations/AuthRequestService.cs 
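Review bot: Dropping `[Required]` from `EmailVerificationToken` in RegisterVerificationEmailClickedRequestModel.cs may loosen input validation, because the `required` modifier only demands that the member be set (or, as far as the JSON serializer enforces it, present in the payload), whereas `[Required]` by default also rejected empty and whitespace-only strings. `Email` in both models still carries `[StrictEmailAddress]` and `[StringLength(256)]`, but the token has no other attribute, so an empty token would presumably now pass model validation and reach the verification code. If that is not intended, keep both: `[Required] public required string EmailVerificationToken { get; set; }`. The same question applies to `Email` in RegisterSendVerificationEmailRequestModel.cs if `StrictEmailAddress` accepts an empty value, which this diff does not show.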
@@ -122,6 +122,7 @@ public class AuthRequestService : IAuthRequestService throw new BadRequestException("User does not belong to any organizations."); } + Debug.Assert(user is not null, "user should have been validated to be non-null and thrown if it's not."); // A user event will automatically create logs for each organization/provider this user belongs to. await _eventService.LogUserEventAsync(user.Id, EventType.User_RequestedDeviceApproval); @@ -136,6 +137,7 @@ public class AuthRequestService : IAuthRequestService return firstAuthRequest!; } + Debug.Assert(user is not null, "user should have been validated to be non-null and thrown if it's not."); var authRequest = await CreateAuthRequestAsync(model, user, organizationId: null); await _pushNotificationService.PushAuthRequestAsync(authRequest); return authRequest; diff --git a/src/Identity/IdentityServer/CustomTokenRequestValidator.cs b/src/Identity/IdentityServer/CustomTokenRequestValidator.cs index 45024075c5..3af1337ee2 100644 --- a/src/Identity/IdentityServer/CustomTokenRequestValidator.cs +++ b/src/Identity/IdentityServer/CustomTokenRequestValidator.cs @@ -1,4 +1,5 @@ -using System.Security.Claims; +using System.Diagnostics; +using System.Security.Claims; using Bit.Core.AdminConsole.Services; using Bit.Core.Auth.Identity; using Bit.Core.Auth.Models.Api.Response; @@ -58,6 +59,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator ValidateContextAsync(CustomTokenRequestValidationContext context, CustomValidatorRequestContext validatorContext) { + Debug.Assert(context.Result is not null); var email = context.Result.ValidatedRequest.Subject?.GetDisplayName() ?? context.Result.ValidatedRequest.ClientClaims ?.FirstOrDefault(claim => claim.Type == JwtClaimTypes.Email)?.Value; 
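Review bot: `Debug.Assert(user is not null, ...)` in both AuthRequestService.cs hunks is compiled out of Release builds, so it satisfies the nullable analysis without guarding `user.Id` or `CreateAuthRequestAsync(model, user, ...)` at runtime. The check the assert message refers to lies outside these hunks; that the compiler could not prove `user` non-null here suggests the check may not cover every path, which is worth confirming. If any path can leave `user` null, production would fail with a NullReferenceException rather than the deliberate `BadRequestException` thrown just above, so an explicit guard is safer: `if (user is null) { throw new BadRequestException("<message>"); }`. The same holds for the `Debug.Assert(context.Result is not null);` lines added throughout CustomTokenRequestValidator.cs.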
@@ -107,6 +110,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator claims, Dictionary customResponse) { + Debug.Assert(context.Result is not null); context.Result.CustomResponse = customResponse; if (claims?.Any() ?? false) { @@ -156,14 +160,16 @@ public class CustomTokenRequestValidator : BaseRequestValidator customResponse) { + Debug.Assert(context.Result is not null); context.Result.Error = "invalid_grant"; context.Result.ErrorDescription = "Two factor required."; context.Result.IsError = true; @@ -173,6 +179,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator customResponse) { + Debug.Assert(context.Result is not null); context.Result.Error = "invalid_grant"; context.Result.ErrorDescription = "Single Sign on required."; context.Result.IsError = true; @@ -182,6 +189,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator customResponse) { + Debug.Assert(context.Result is not null); context.Result.Error = "invalid_grant"; context.Result.IsError = true; context.Result.CustomResponse = customResponse; diff --git a/src/Identity/IdentityServer/ResourceOwnerPasswordValidator.cs b/src/Identity/IdentityServer/ResourceOwnerPasswordValidator.cs index 30a5d821da..cb63bd94ed 100644 --- a/src/Identity/IdentityServer/ResourceOwnerPasswordValidator.cs +++ b/src/Identity/IdentityServer/ResourceOwnerPasswordValidator.cs @@ -22,7 +22,6 @@ public class ResourceOwnerPasswordValidator : BaseRequestValidator _userManager; - private readonly IUserService _userService; private readonly ICurrentContext _currentContext; private readonly ICaptchaValidationService _captchaValidationService; private readonly IAuthRequestRepository _authRequestRepository; @@ -55,7 +54,6 @@ public class ResourceOwnerPasswordValidator : BaseRequestValidator
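Review bot: The `Debug.Assert(context.Result is not null);` calls added in these CustomTokenRequestValidator.cs hunks carry no message, unlike the asserts this commit adds in AuthRequestService.cs. A short message stating where `Result` is expected to have been set would make a debug-build failure actionable, for example `Debug.Assert(context.Result is not null, "context.Result must be set before the response is built.");` (wording constructed here, adjust to the real invariant). The method signatures are cut off in these hunks, so which methods are affected is only partly visible.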