attaching ws-security tokens (issued by microsoft online federation gateway) to API calls

http://wp.me/s1fcz8-16434 shows how my thick client gets an access token - for use at an Exchange Online tenant. The process is largely identical to what typical library calls do. Of most importance is the fact that the token issued by the Online gateway is suitably prepped with the proof keys/tokens required to pass the API guards.

Using the Exchange Managed API classes, how to I attach these tokens so the SOAP requests minted by the library use them as the (api) credentials?

I note http://msdn.microsoft.com/en-us/library/exchange/microsoft.exchange.webservices.data.tokencredentials.tokencredentials(v=exchg.80).aspx.

Can I just assign an instance to the ExchangeSErvice credentials property?

When constructing it, and supplying the string form of the security token, does it expect a serialized GenericXMLSEcurity (security)token or a string-encoding of the XML of a specific assertion class/token (such as SAML1.1 assertion)?