diff --git a/authentik/core/models.py b/authentik/core/models.py
index 214e4217f..de64221b4 100644
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@@ -409,7 +409,7 @@ class TokenIntents(models.TextChoices):
     INTENT_RECOVERY = "recovery"
 
     # App-specific passwords
-    INTENT_APP_PASSWORD = "app_password"
+    INTENT_APP_PASSWORD = "app_password"  # nosec
 
 
 class Token(ManagedModel, ExpiringModel):
diff --git a/authentik/stages/password/__init__.py b/authentik/stages/password/__init__.py
index 9e42ec060..2bfdc92e1 100644
--- a/authentik/stages/password/__init__.py
+++ b/authentik/stages/password/__init__.py
@@ -1,4 +1,4 @@
 """Backend paths"""
 BACKEND_DJANGO = "django.contrib.auth.backends.ModelBackend"
 BACKEND_LDAP = "authentik.sources.ldap.auth.LDAPBackend"
-BACKEND_TOKEN = "authentik.core.token_auth.TokenBackend"
+BACKEND_TOKEN = "authentik.core.token_auth.TokenBackend"  # nosec
diff --git a/schema.yml b/schema.yml
index 271547231..38587c822 100644
--- a/schema.yml
+++ b/schema.yml
@@ -2515,6 +2515,7 @@ paths:
           type: string
           enum:
           - api
+          - app_password
           - recovery
           - verification
       - name: ordering
@@ -20382,6 +20383,7 @@ components:
     BackendsEnum:
       enum:
       - django.contrib.auth.backends.ModelBackend
+      - authentik.core.token_auth.TokenBackend
       - authentik.sources.ldap.auth.LDAPBackend
       type: string
     BindingTypeEnum:
@@ -22211,6 +22213,7 @@ components:
       - verification
       - api
       - recovery
+      - app_password
       type: string
     InvalidResponseActionEnum:
       enum: