diff --git a/website/docs/policies/expression.mdx b/website/docs/policies/expression.mdx index 256cf88f4..1c6200f6f 100644 --- a/website/docs/policies/expression.mdx +++ b/website/docs/policies/expression.mdx 
@@ -87,16 +87,38 @@ Additionally, when the policy is executed from a flow, every variable from the f This includes the following: - `context['flow_plan']`: The actual flow plan itself, can be used to inject stages. -- `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. -- `context['application']`: The application the user is in the process of authorizing. +- `context['redirect']`: The URL the user should be redirected to after the flow execution succeeds. (Optional) +- `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional) +- `context['application']`: The application the user is in the process of authorizing. (Optional) +- `context['source']`: The source the user is authenticating/enrolling with. (Optional) - `context['pending_user']`: The currently pending user, see [User](../user-group/user.md#object-attributes) -- `context['auth_method']`: Authentication method set (this value is set by password stages) +- `context['is_restored']`: Set to `True` when the flow plan has been restored from a flow token, for example the user clicked a link to a flow which was sent by an email stage. (Optional) +- `context['auth_method']`: Authentication method (this value is set by password stages) (Optional) Depending on method, `context['auth_method_args']` is also set. Can be any of: - `password`: Standard password login + - `auth_mfa`: MFA login (this method is only set if no password was used) + + Sets `context['auth_method_args']` to + + ```json + { + "mfa_devices": [ + { + "pk": 1, + "app": "otp_static", + "name": "Static Token", + "model_name": "staticdevice" + } + ] + } + ``` + + - `auth_webauthn_pwl`: Password-less WebAuthn login + - `jwt`: OAuth Machine-to-machine login via external JWT - `app_password`: App password (token) Sets `context['auth_method_args']` to
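Review bot: On the `context['auth_method']` line, the parenthetical "(this value is set by password stages)" no longer matches the list under it, which now includes `auth_mfa`, `auth_webauthn_pwl` and `jwt`, none of which are described as coming from a password stage. Suggest dropping the parenthetical or rewording it to say which stages set the value. The `auth_mfa` entry says the method is only set if no password was used, so a policy that compares `context['auth_method']` to `auth_mfa` in order to require MFA will not match a password login followed by MFA. A sentence stating what `auth_method` and `auth_method_args` contain in that case would help policy authors write the check correctly. The new "(Optional)" markers should also say what optional means for a policy, that is, that the key may be absent and must be guarded before indexing with `context['...']`. Finally, `auth_webauthn_pwl` and `jwt` do not state whether `context['auth_method_args']` is set, while `auth_mfa` and `app_password` do.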