diff --git a/lib/pleroma/web/api_spec.ex b/lib/pleroma/web/api_spec.ex
index 22f76d4bf..41e48a085 100644
--- a/lib/pleroma/web/api_spec.ex
+++ b/lib/pleroma/web/api_spec.ex
@@ -22,7 +22,21 @@ def spec do
         version: Application.spec(:pleroma, :vsn) |> to_string()
       },
       # populate the paths from a phoenix router
-      paths: OpenApiSpex.Paths.from_router(Router)
+      paths: OpenApiSpex.Paths.from_router(Router),
+      components: %OpenApiSpex.Components{
+        securitySchemes: %{
+          "oAuth" => %OpenApiSpex.SecurityScheme{
+            type: "oauth2",
+            flows: %OpenApiSpex.OAuthFlows{
+              password: %OpenApiSpex.OAuthFlow{
+                authorizationUrl: "/oauth/authorize",
+                tokenUrl: "/oauth/token",
+                scopes: %{"read" => "read"}
+              }
+            }
+          }
+        }
+      }
     }
     # discover request/response schemas from path specs
     |> OpenApiSpex.resolve_schema_modules()
diff --git a/lib/pleroma/web/api_spec/operations/app_operation.ex b/lib/pleroma/web/api_spec/operations/app_operation.ex
index 2a4958acf..41d56693a 100644
--- a/lib/pleroma/web/api_spec/operations/app_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/app_operation.ex
@@ -51,8 +51,10 @@ def verify_credentials_operation do
       summary: "Verify your app works",
       description: "Confirm that the app's OAuth2 credentials work.",
       operationId: "AppController.verify_credentials",
-      parameters: [
-        Operation.parameter(:authorization, :header, :string, "Bearer <app token>", required: true)
+      security: [
+        %{
+          "oAuth" => ["read"]
+        }
       ],
       responses: %{
         200 =>