diff --git a/app/Models/OAuth2/Client.php b/app/Models/OAuth2/Client.php index 5784516b..c01be875 100644 --- a/app/Models/OAuth2/Client.php +++ b/app/Models/OAuth2/Client.php @@ -43,6 +43,12 @@ #[ORM\Cache('NONSTRICT_READ_WRITE')] // Class Client class Client extends BaseEntity implements IClient { + private static array $allowed_otp_client_types = [ + IClient::ApplicationType_JS_Client, + IClient::ApplicationType_Native, + IClient::ApplicationType_Web_App + ]; + /** * @var string */ @@ -1667,6 +1673,10 @@ public function isPasswordlessEnabled(): bool public function enablePasswordless(): void { + $app_type = $this->getApplicationType(); + if (!in_array($this->getApplicationType(), self::$allowed_otp_client_types)) { + throw new ValidationException("This application type ($app_type) does not allow passwordless."); + } $this->otp_enabled = true; $this->otp_length = intval(Config::get("otp.length")); $this->otp_lifetime = intval(Config::get("otp.lifetime")); diff --git a/resources/js/oauth2/profile/edit_client/actions.js b/resources/js/oauth2/profile/edit_client/actions.js index dc33310a..94de1dbe 100644 --- a/resources/js/oauth2/profile/edit_client/actions.js +++ b/resources/js/oauth2/profile/edit_client/actions.js @@ -153,9 +153,12 @@ const normalizeEntity = (entity, entitySection) => { normEntity.pkce_enabled = entity.pkce_enabled ? 1 : 0; normEntity = normalizePKCEDependencies(normEntity); } - normEntity.otp_enabled = entity.otp_enabled ? 1 : 0; - normEntity.otp_length = entity.otp_length; - normEntity.otp_lifetime = entity.otp_lifetime; + normEntity.otp_enabled = 0; + if (entity.otp_enabled) { + normEntity.otp_enabled = 1; + normEntity.otp_length = entity.otp_length; + normEntity.otp_lifetime = entity.otp_lifetime; + } if ([appTypes.JSClient, appTypes.Native, appTypes.WebApp].includes(entity.application_type)) normEntity.max_allowed_user_sessions = entity.max_allowed_user_sessions; 
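Review bot: `$allowed_otp_client_types` in the first hunk is a mutable `private static array`, so any code inside the class can change the allow-list that gates passwordless at runtime. A class constant cannot be reassigned and states the intent: `private const ALLOWED_OTP_CLIENT_TYPES = [IClient::ApplicationType_JS_Client, IClient::ApplicationType_Native, IClient::ApplicationType_Web_App];`. A short comment above it saying why only these three application types may use OTP would help the next maintainer. The same three types are listed again in the JS files of this commit, so the lists can drift apart.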
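Review bot: The application-type check added here runs only when `enablePasswordless()` is called, so it does not cover a client that already has `otp_enabled` set or one whose application type is changed afterwards. The application-type setter and `isPasswordlessEnabled()` are outside this hunk, so please confirm whether either re-checks the type and whether existing rows need a one-off cleanup. In the guard itself, `in_array` is called without the strict flag and `getApplicationType()` is called a second time although `$app_type` already holds the value. Assuming the type and the constants are both strings, `if (!in_array($app_type, self::$allowed_otp_client_types, true)) {` is the tighter form.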
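Review bot: The new `if (entity.otp_enabled)` branch in `normalizeEntity` does not look at `entity.application_type`, so a stale `otp_enabled` value in form state is still sent as `1` for an application type the server now rejects. The panel change in this commit appears to hide the control for those types, which would leave the user with a validation error and no visible way to clear the flag. The application-type list already used on the following line could gate this branch too: `if (entity.otp_enabled && [appTypes.JSClient, appTypes.Native, appTypes.WebApp].includes(entity.application_type)) {`. The server-side check remains the authority and this only keeps the client consistent with it. `normalizeEntity` starts and ends outside the hunk.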
diff --git a/resources/js/oauth2/profile/edit_client/components/security_settings_panel.js b/resources/js/oauth2/profile/edit_client/components/security_settings_panel.js index ed39c0be..fe21fc14 100644 --- a/resources/js/oauth2/profile/edit_client/components/security_settings_panel.js +++ b/resources/js/oauth2/profile/edit_client/components/security_settings_panel.js @@ -71,13 +71,16 @@ const SecuritySettingsPanel = ( onChange={handleUsePKCEChange} /> } - + { + [appTypes.JSClient, appTypes.Native, appTypes.WebApp].includes(application_type) && + + } { formik.values.otp_enabled && <>