diff --git a/authentik/core/models.py b/authentik/core/models.py
index 33508aac8..22563ecd0 100644
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@@ -456,6 +456,14 @@ class Token(ManagedModel, ExpiringModel):
         """Handler which is called when this object is expired."""
         from authentik.events.models import Event, EventAction
 
+        if self.intent in [
+            TokenIntents.INTENT_RECOVERY,
+            TokenIntents.INTENT_VERIFICATION,
+            TokenIntents.INTENT_APP_PASSWORD,
+        ]:
+            super().expire_action(*args, **kwargs)
+            return
+
         self.key = default_token_key()
         self.expires = default_token_duration()
         self.save(*args, **kwargs)
diff --git a/authentik/core/tests/test_token_api.py b/authentik/core/tests/test_token_api.py
index 9c9dbcbd5..27d6faf1e 100644
--- a/authentik/core/tests/test_token_api.py
+++ b/authentik/core/tests/test_token_api.py
@@ -54,7 +54,9 @@ class TestTokenAPI(APITestCase):
 
     def test_token_expire(self):
         """Test Token expire task"""
-        token: Token = Token.objects.create(expires=now(), user=get_anonymous_user())
+        token: Token = Token.objects.create(
+            expires=now(), user=get_anonymous_user(), intent=TokenIntents.INTENT_API
+        )
         key = token.key
         clean_expired_models.delay().get()
         token.refresh_from_db()