diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 1f5c5f215..4018e94a4 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -59,19 +59,18 @@ These are the current packages:
 authentik
 ├── admin - Administrative tasks and APIs, no models (Version updates, Metrics, system tasks)
 ├── api - General API Configuration (Routes, Schema and general API utilities)
+├── blueprints - Handle managed models and their state.
 ├── core - Core authentik functionality, central routes, core Models
 ├── crypto - Cryptography, currently used to generate and hold Certificates and Private Keys
 ├── events - Event Log, middleware and signals to generate signals
 ├── flows - Flows, the FlowPlanner and the FlowExecutor, used for all flows for authentication, authorization, etc
 ├── lib - Generic library of functions, few dependencies on other packages.
-├── managed - Handle managed models and their state.
 ├── outposts - Configure and deploy outposts on kubernetes and docker.
 ├── policies - General PolicyEngine
 │   ├── dummy - A Dummy policy used for testing
 │   ├── event_matcher - Match events based on different criteria
 │   ├── expiry - Check when a user's password was last set
 │   ├── expression - Execute any arbitrary python code
-│   ├── hibp - Check a password against HaveIBeenPwned
 │   ├── password - Check a password against several rules
 │   └── reputation - Check the user's/client's reputation
 ├── providers
diff --git a/authentik/api/v3/urls.py b/authentik/api/v3/urls.py
index d6989460d..9492984fd 100644
--- a/authentik/api/v3/urls.py
+++ b/authentik/api/v3/urls.py
@@ -45,7 +45,6 @@ from authentik.policies.dummy.api import DummyPolicyViewSet
 from authentik.policies.event_matcher.api import EventMatcherPolicyViewSet
 from authentik.policies.expiry.api import PasswordExpiryPolicyViewSet
 from authentik.policies.expression.api import ExpressionPolicyViewSet
-from authentik.policies.hibp.api import HaveIBeenPwendPolicyViewSet
 from authentik.policies.password.api import PasswordPolicyViewSet
 from authentik.policies.reputation.api import ReputationPolicyViewSet, ReputationViewSet
 from authentik.providers.ldap.api import LDAPOutpostConfigViewSet, LDAPProviderViewSet
@@ -150,7 +149,6 @@ router.register("policies/all", PolicyViewSet)
 router.register("policies/bindings", PolicyBindingViewSet)
 router.register("policies/expression", ExpressionPolicyViewSet)
 router.register("policies/event_matcher", EventMatcherPolicyViewSet)
-router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
 router.register("policies/password_expiry", PasswordExpiryPolicyViewSet)
 router.register("policies/password", PasswordPolicyViewSet)
 router.register("policies/reputation/scores", ReputationViewSet)
diff --git a/authentik/policies/event_matcher/api.py b/authentik/policies/event_matcher/api.py
index 4a4a74551..ea865f26d 100644
--- a/authentik/policies/event_matcher/api.py
+++ b/authentik/policies/event_matcher/api.py
@@ -1,14 +1,25 @@
 """Event Matcher Policy API"""
+from django.utils.translation import gettext as _
+from rest_framework.fields import ChoiceField
 from rest_framework.viewsets import ModelViewSet
 
 from authentik.core.api.used_by import UsedByMixin
 from authentik.policies.api.policies import PolicySerializer
-from authentik.policies.event_matcher.models import EventMatcherPolicy
+from authentik.policies.event_matcher.models import EventMatcherPolicy, app_choices
 
 
 class EventMatcherPolicySerializer(PolicySerializer):
     """Event Matcher Policy Serializer"""
 
+    app = ChoiceField(
+        choices=app_choices(),
+        required=False,
+        help_text=_(
+            "Match events created by selected application. When left empty, "
+            "all applications are matched."
+        ),
+    )
+
     class Meta:
         model = EventMatcherPolicy
         fields = PolicySerializer.Meta.fields + [
diff --git a/authentik/policies/event_matcher/migrations/0021_alter_eventmatcherpolicy_app.py b/authentik/policies/event_matcher/migrations/0021_alter_eventmatcherpolicy_app.py
new file mode 100644
index 000000000..c92f69029
--- /dev/null
+++ b/authentik/policies/event_matcher/migrations/0021_alter_eventmatcherpolicy_app.py
@@ -0,0 +1,25 @@
+# Generated by Django 4.1.5 on 2023-01-05 09:24
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        (
+            "authentik_policies_event_matcher",
+            "0020_eventmatcherpolicy_authentik_p_policy__e605cf_idx",
+        ),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="eventmatcherpolicy",
+            name="app",
+            field=models.TextField(
+                blank=True,
+                default="",
+                help_text="Match events created by selected application. When left empty, all applications are matched.",
+            ),
+        ),
+    ]
diff --git a/authentik/policies/event_matcher/models.py b/authentik/policies/event_matcher/models.py
index e367361d5..e46bb4eeb 100644
--- a/authentik/policies/event_matcher/models.py
+++ b/authentik/policies/event_matcher/models.py
@@ -33,7 +33,6 @@ class EventMatcherPolicy(Policy):
         ),
     )
     app = models.TextField(
-        choices=app_choices(),
         blank=True,
         default="",
         help_text=_(
diff --git a/authentik/policies/hibp/__init__.py b/authentik/policies/hibp/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/authentik/policies/hibp/api.py b/authentik/policies/hibp/api.py
deleted file mode 100644
index 499853f3f..000000000
--- a/authentik/policies/hibp/api.py
+++ /dev/null
@@ -1,24 +0,0 @@
-"""Source API Views"""
-from rest_framework.viewsets import ModelViewSet
-
-from authentik.core.api.used_by import UsedByMixin
-from authentik.policies.api.policies import PolicySerializer
-from authentik.policies.hibp.models import HaveIBeenPwendPolicy
-
-
-class HaveIBeenPwendPolicySerializer(PolicySerializer):
-    """Have I Been Pwned Policy Serializer"""
-
-    class Meta:
-        model = HaveIBeenPwendPolicy
-        fields = PolicySerializer.Meta.fields + ["password_field", "allowed_count"]
-
-
-class HaveIBeenPwendPolicyViewSet(UsedByMixin, ModelViewSet):
-    """Source Viewset"""
-
-    queryset = HaveIBeenPwendPolicy.objects.all()
-    serializer_class = HaveIBeenPwendPolicySerializer
-    filterset_fields = "__all__"
-    search_fields = ["name", "password_field"]
-    ordering = ["name"]
diff --git a/authentik/policies/hibp/apps.py b/authentik/policies/hibp/apps.py
deleted file mode 100644
index 75fe9a275..000000000
--- a/authentik/policies/hibp/apps.py
+++ /dev/null
@@ -1,11 +0,0 @@
-"""Authentik hibp app config"""
-
-from django.apps import AppConfig
-
-
-class AuthentikPolicyHIBPConfig(AppConfig):
-    """Authentik hibp app config"""
-
-    name = "authentik.policies.hibp"
-    label = "authentik_policies_hibp"
-    verbose_name = "authentik Policies.HaveIBeenPwned"
diff --git a/authentik/policies/hibp/migrations/0001_initial.py b/authentik/policies/hibp/migrations/0001_initial.py
deleted file mode 100644
index 3ffaa4101..000000000
--- a/authentik/policies/hibp/migrations/0001_initial.py
+++ /dev/null
@@ -1,38 +0,0 @@
-# Generated by Django 3.0.6 on 2020-05-19 22:08
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    initial = True
-
-    dependencies = [
-        ("authentik_policies", "0001_initial"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="HaveIBeenPwendPolicy",
-            fields=[
-                (
-                    "policy_ptr",
-                    models.OneToOneField(
-                        auto_created=True,
-                        on_delete=django.db.models.deletion.CASCADE,
-                        parent_link=True,
-                        primary_key=True,
-                        serialize=False,
-                        to="authentik_policies.Policy",
-                    ),
-                ),
-                ("allowed_count", models.IntegerField(default=0)),
-            ],
-            options={
-                "verbose_name": "Have I Been Pwned Policy",
-                "verbose_name_plural": "Have I Been Pwned Policies",
-            },
-            bases=("authentik_policies.policy",),
-        ),
-    ]
diff --git a/authentik/policies/hibp/migrations/0002_haveibeenpwendpolicy_password_field.py b/authentik/policies/hibp/migrations/0002_haveibeenpwendpolicy_password_field.py
deleted file mode 100644
index a05054217..000000000
--- a/authentik/policies/hibp/migrations/0002_haveibeenpwendpolicy_password_field.py
+++ /dev/null
@@ -1,21 +0,0 @@
-# Generated by Django 3.0.8 on 2020-07-10 18:45
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ("authentik_policies_hibp", "0001_initial"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="haveibeenpwendpolicy",
-            name="password_field",
-            field=models.TextField(
-                default="password",
-                help_text="Field key to check, field keys defined in Prompt stages are available.",
-            ),
-        ),
-    ]
diff --git a/authentik/policies/hibp/migrations/0003_haveibeenpwendpolicy_authentik_p_policy__6957d7_idx.py b/authentik/policies/hibp/migrations/0003_haveibeenpwendpolicy_authentik_p_policy__6957d7_idx.py
deleted file mode 100644
index c12a4e2f7..000000000
--- a/authentik/policies/hibp/migrations/0003_haveibeenpwendpolicy_authentik_p_policy__6957d7_idx.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# Generated by Django 4.1.2 on 2022-10-19 19:24
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ("authentik_policies_hibp", "0002_haveibeenpwendpolicy_password_field"),
-    ]
-
-    operations = [
-        migrations.AddIndex(
-            model_name="haveibeenpwendpolicy",
-            index=models.Index(fields=["policy_ptr_id"], name="authentik_p_policy__6957d7_idx"),
-        ),
-    ]
diff --git a/authentik/policies/hibp/migrations/__init__.py b/authentik/policies/hibp/migrations/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/authentik/policies/hibp/models.py b/authentik/policies/hibp/models.py
deleted file mode 100644
index 0ffb20e2c..000000000
--- a/authentik/policies/hibp/models.py
+++ /dev/null
@@ -1,71 +0,0 @@
-"""authentik HIBP Models"""
-from hashlib import sha1
-
-from django.db import models
-from django.utils.translation import gettext as _
-from rest_framework.serializers import BaseSerializer
-from structlog.stdlib import get_logger
-
-from authentik.lib.utils.http import get_http_session
-from authentik.policies.models import Policy, PolicyResult
-from authentik.policies.types import PolicyRequest
-from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
-
-LOGGER = get_logger()
-
-
-class HaveIBeenPwendPolicy(Policy):
-    """DEPRECATED. Check if password is on HaveIBeenPwned's list by uploading the first
-    5 characters of the SHA1 Hash."""
-
-    password_field = models.TextField(
-        default="password",
-        help_text=_("Field key to check, field keys defined in Prompt stages are available."),
-    )
-
-    allowed_count = models.IntegerField(default=0)
-
-    @property
-    def serializer(self) -> type[BaseSerializer]:
-        from authentik.policies.hibp.api import HaveIBeenPwendPolicySerializer
-
-        return HaveIBeenPwendPolicySerializer
-
-    @property
-    def component(self) -> str:
-        return "ak-policy-hibp-form"
-
-    def passes(self, request: PolicyRequest) -> PolicyResult:
-        """Check if password is in HIBP DB. Hashes given Password with SHA1, uses the first 5
-        characters of Password in request and checks if full hash is in response. Returns 0
-        if Password is not in result otherwise the count of how many times it was used."""
-        password = request.context.get(PLAN_CONTEXT_PROMPT, {}).get(
-            self.password_field, request.context.get(self.password_field)
-        )
-        if not password:
-            LOGGER.warning(
-                "Password field not set in Policy Request",
-                field=self.password_field,
-                fields=request.context.keys(),
-            )
-            return PolicyResult(False, _("Password not set in context"))
-        password = str(password)
-
-        pw_hash = sha1(password.encode("utf-8")).hexdigest()  # nosec
-        url = f"https://api.pwnedpasswords.com/range/{pw_hash[:5]}"
-        result = get_http_session().get(url).text
-        final_count = 0
-        for line in result.split("\r\n"):
-            full_hash, count = line.split(":")
-            if pw_hash[5:] == full_hash.lower():
-                final_count = int(count)
-        LOGGER.debug("got hibp result", count=final_count, hash=pw_hash[:5])
-        if final_count > self.allowed_count:
-            message = _("Password exists on %(count)d online lists." % {"count": final_count})
-            return PolicyResult(False, message)
-        return PolicyResult(True)
-
-    class Meta(Policy.PolicyMeta):
-
-        verbose_name = _("Have I Been Pwned Policy")
-        verbose_name_plural = _("Have I Been Pwned Policies")
diff --git a/authentik/policies/hibp/tests.py b/authentik/policies/hibp/tests.py
deleted file mode 100644
index 89c79bf0b..000000000
--- a/authentik/policies/hibp/tests.py
+++ /dev/null
@@ -1,44 +0,0 @@
-"""HIBP Policy tests"""
-from django.test import TestCase
-from guardian.shortcuts import get_anonymous_user
-
-from authentik.lib.generators import generate_key
-from authentik.policies.hibp.models import HaveIBeenPwendPolicy
-from authentik.policies.types import PolicyRequest, PolicyResult
-from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
-
-
-class TestHIBPPolicy(TestCase):
-    """Test HIBP Policy"""
-
-    def test_invalid(self):
-        """Test without password"""
-        policy = HaveIBeenPwendPolicy.objects.create(
-            name="test_invalid",
-        )
-        request = PolicyRequest(get_anonymous_user())
-        result: PolicyResult = policy.passes(request)
-        self.assertFalse(result.passing)
-        self.assertEqual(result.messages[0], "Password not set in context")
-
-    def test_false(self):
-        """Failing password case"""
-        policy = HaveIBeenPwendPolicy.objects.create(
-            name="test_false",
-        )
-        request = PolicyRequest(get_anonymous_user())
-        request.context[PLAN_CONTEXT_PROMPT] = {"password": "password"}  # nosec
-        result: PolicyResult = policy.passes(request)
-        self.assertFalse(result.passing)
-        self.assertTrue(result.messages[0].startswith("Password exists on "))
-
-    def test_true(self):
-        """Positive password case"""
-        policy = HaveIBeenPwendPolicy.objects.create(
-            name="test_true",
-        )
-        request = PolicyRequest(get_anonymous_user())
-        request.context[PLAN_CONTEXT_PROMPT] = {"password": generate_key()}
-        result: PolicyResult = policy.passes(request)
-        self.assertTrue(result.passing)
-        self.assertEqual(result.messages, tuple())
diff --git a/authentik/policies/password/migrations/0005_passwordpolicy_check_have_i_been_pwned_and_more.py b/authentik/policies/password/migrations/0005_passwordpolicy_check_have_i_been_pwned_and_more.py
index 58aded95a..3b12a7773 100644
--- a/authentik/policies/password/migrations/0005_passwordpolicy_check_have_i_been_pwned_and_more.py
+++ b/authentik/policies/password/migrations/0005_passwordpolicy_check_have_i_been_pwned_and_more.py
@@ -1,34 +1,10 @@
 # Generated by Django 4.1.3 on 2022-11-14 09:23
-from django.apps.registry import Apps
 from django.db import migrations, models
-from django.db.backends.base.schema import BaseDatabaseSchemaEditor
-
-
-def migrate_hibp_policy(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
-    db_alias = schema_editor.connection.alias
-
-    HaveIBeenPwendPolicy = apps.get_model("authentik_policies_hibp", "HaveIBeenPwendPolicy")
-    PasswordPolicy = apps.get_model("authentik_policies_password", "PasswordPolicy")
-
-    PolicyBinding = apps.get_model("authentik_policies", "PolicyBinding")
-
-    for old_policy in HaveIBeenPwendPolicy.objects.using(db_alias).all():
-        new_policy = PasswordPolicy.objects.using(db_alias).create(
-            name=old_policy.name,
-            hibp_allowed_count=old_policy.allowed_count,
-            password_field=old_policy.password_field,
-            execution_logging=old_policy.execution_logging,
-            check_static_rules=False,
-            check_have_i_been_pwned=True,
-        )
-        PolicyBinding.objects.using(db_alias).filter(policy=old_policy).update(policy=new_policy)
-        old_policy.delete()
 
 
 class Migration(migrations.Migration):
 
     dependencies = [
-        ("authentik_policies_hibp", "0003_haveibeenpwendpolicy_authentik_p_policy__6957d7_idx"),
         ("authentik_policies_password", "0004_passwordpolicy_authentik_p_policy__855e80_idx"),
     ]
 
@@ -69,5 +45,4 @@ class Migration(migrations.Migration):
             name="error_message",
             field=models.TextField(blank=True),
         ),
-        migrations.RunPython(migrate_hibp_policy),
     ]
diff --git a/authentik/providers/oauth2/migrations/0009_oauth2provider_verification_keys_and_more.py b/authentik/providers/oauth2/migrations/0009_oauth2provider_verification_keys_and_more.py
index 78cbb66f1..8503b060b 100644
--- a/authentik/providers/oauth2/migrations/0009_oauth2provider_verification_keys_and_more.py
+++ b/authentik/providers/oauth2/migrations/0009_oauth2provider_verification_keys_and_more.py
@@ -16,7 +16,7 @@ class Migration(migrations.Migration):
             model_name="oauth2provider",
             name="verification_keys",
             field=models.ManyToManyField(
-                help_text="DEPRECATED. JWTs created with the configured certificates can authenticate with this provider.",
+                help_text="JWTs created with the configured certificates can authenticate with this provider.",
                 related_name="+",
                 to="authentik_crypto.certificatekeypair",
                 verbose_name="Allowed certificates for JWT-based client_credentials",
diff --git a/authentik/providers/oauth2/migrations/0011_oauth2provider_jwks_sources_and_more.py b/authentik/providers/oauth2/migrations/0011_oauth2provider_jwks_sources_and_more.py
index 02af91b82..8d1983c53 100644
--- a/authentik/providers/oauth2/migrations/0011_oauth2provider_jwks_sources_and_more.py
+++ b/authentik/providers/oauth2/migrations/0011_oauth2provider_jwks_sources_and_more.py
@@ -32,7 +32,7 @@ class Migration(migrations.Migration):
             field=models.ManyToManyField(
                 blank=True,
                 default=None,
-                help_text="DEPRECATED. JWTs created with the configured certificates can authenticate with this provider.",
+                help_text="JWTs created with the configured certificates can authenticate with this provider.",
                 related_name="oauth2_providers",
                 to="authentik_crypto.certificatekeypair",
                 verbose_name="Allowed certificates for JWT-based client_credentials",
diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index 9002f6b1f..20fdb634d 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -73,7 +73,6 @@ INSTALLED_APPS = [
     "authentik.policies.event_matcher",
     "authentik.policies.expiry",
     "authentik.policies.expression",
-    "authentik.policies.hibp",
     "authentik.policies.password",
     "authentik.policies.reputation",
     "authentik.policies",
diff --git a/blueprints/schema.json b/blueprints/schema.json
index 02a7cfbd4..7c0070da8 100644
--- a/blueprints/schema.json
+++ b/blueprints/schema.json
@@ -69,7 +69,6 @@
                             "authentik_policies_event_matcher.eventmatcherpolicy",
                             "authentik_policies_expiry.passwordexpirypolicy",
                             "authentik_policies_expression.expressionpolicy",
-                            "authentik_policies_hibp.haveibeenpwendpolicy",
                             "authentik_policies_password.passwordpolicy",
                             "authentik_policies_reputation.reputation",
                             "authentik_policies_reputation.reputationpolicy",
diff --git a/lifecycle/system_migrations/to_2023_1_hibp_remove.py b/lifecycle/system_migrations/to_2023_1_hibp_remove.py
new file mode 100644
index 000000000..28a926a8a
--- /dev/null
+++ b/lifecycle/system_migrations/to_2023_1_hibp_remove.py
@@ -0,0 +1,19 @@
+# flake8: noqa
+from lifecycle.migrate import BaseMigration
+
+SQL_STATEMENT = """BEGIN TRANSACTION;
+DROP TABLE "authentik_policies_hibp_haveibeenpwendpolicy";
+DELETE FROM django_migrations WHERE app = 'authentik_policies_hibp';
+END TRANSACTION;"""
+
+
+class Migration(BaseMigration):
+    def needs_migration(self) -> bool:
+        self.cur.execute(
+            "SELECT * FROM information_schema.tables WHERE table_name = 'authentik_policies_hibp_haveibeenpwendpolicy';"
+        )
+        return bool(self.cur.rowcount)
+
+    def run(self):
+        self.cur.execute(SQL_STATEMENT)
+        self.con.commit()
diff --git a/locale/en/LC_MESSAGES/django.po b/locale/en/LC_MESSAGES/django.po
index 6679e6240..d8ec7dd34 100644
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-01-04 17:12+0000\n"
+"POT-Creation-Date: 2023-01-05 12:01+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -537,11 +537,17 @@ msgstr ""
 msgid "Dummy Policies"
 msgstr ""
 
-#: authentik/policies/event_matcher/models.py:80
+#: authentik/policies/event_matcher/api.py:18
+msgid ""
+"Match events created by selected application. When left empty, all "
+"applications are matched."
+msgstr ""
+
+#: authentik/policies/event_matcher/models.py:79
 msgid "Event Matcher Policy"
 msgstr ""
 
-#: authentik/policies/event_matcher/models.py:81
+#: authentik/policies/event_matcher/models.py:80
 msgid "Event Matcher Policies"
 msgstr ""
 
@@ -569,30 +575,6 @@ msgstr ""
 msgid "Expression Policies"
 msgstr ""
 
-#: authentik/policies/hibp/models.py:23
-#: authentik/policies/password/models.py:27
-msgid "Field key to check, field keys defined in Prompt stages are available."
-msgstr ""
-
-#: authentik/policies/hibp/models.py:51
-#: authentik/policies/password/models.py:72
-msgid "Password not set in context"
-msgstr ""
-
-#: authentik/policies/hibp/models.py:64
-#: authentik/policies/password/models.py:134
-#, python-format
-msgid "Password exists on %(count)d online lists."
-msgstr ""
-
-#: authentik/policies/hibp/models.py:70
-msgid "Have I Been Pwned Policy"
-msgstr ""
-
-#: authentik/policies/hibp/models.py:71
-msgid "Have I Been Pwned Policies"
-msgstr ""
-
 #: authentik/policies/models.py:23
 msgid "ALL, all policies must pass"
 msgstr ""
@@ -633,6 +615,10 @@ msgstr ""
 msgid "Policies"
 msgstr ""
 
+#: authentik/policies/password/models.py:27
+msgid "Field key to check, field keys defined in Prompt stages are available."
+msgstr ""
+
 #: authentik/policies/password/models.py:44
 msgid "How many times the password hash is allowed to be on haveibeenpwned"
 msgstr ""
@@ -642,6 +628,15 @@ msgid ""
 "If the zxcvbn score is equal or less than this value, the policy will fail."
 msgstr ""
 
+#: authentik/policies/password/models.py:72
+msgid "Password not set in context"
+msgstr ""
+
+#: authentik/policies/password/models.py:134
+#, python-format
+msgid "Password exists on %(count)d online lists."
+msgstr ""
+
 #: authentik/policies/password/models.py:154
 msgid "Password is too weak."
 msgstr ""
@@ -949,6 +944,14 @@ msgstr ""
 msgid "authentik API Access on behalf of your user"
 msgstr ""
 
+#: authentik/providers/proxy/api.py:51
+msgid "User and password attributes must be set when basic auth is enabled."
+msgstr ""
+
+#: authentik/providers/proxy/api.py:61
+msgid "Internal host cannot be empty when forward auth is disabled."
+msgstr ""
+
 #: authentik/providers/proxy/models.py:54
 msgid "Validate SSL Certificates of upstream servers"
 msgstr ""
diff --git a/schema.yml b/schema.yml
index 6285710f5..e1f7c50b3 100644
--- a/schema.yml
+++ b/schema.yml
@@ -10597,55 +10597,6 @@ paths:
         name: app
         schema:
           type: string
-          enum:
-          - authentik.admin
-          - authentik.api
-          - authentik.blueprints
-          - authentik.core
-          - authentik.crypto
-          - authentik.events
-          - authentik.flows
-          - authentik.lib
-          - authentik.outposts
-          - authentik.policies
-          - authentik.policies.dummy
-          - authentik.policies.event_matcher
-          - authentik.policies.expiry
-          - authentik.policies.expression
-          - authentik.policies.hibp
-          - authentik.policies.password
-          - authentik.policies.reputation
-          - authentik.providers.ldap
-          - authentik.providers.oauth2
-          - authentik.providers.proxy
-          - authentik.providers.saml
-          - authentik.recovery
-          - authentik.sources.ldap
-          - authentik.sources.oauth
-          - authentik.sources.plex
-          - authentik.sources.saml
-          - authentik.stages.authenticator_duo
-          - authentik.stages.authenticator_sms
-          - authentik.stages.authenticator_static
-          - authentik.stages.authenticator_totp
-          - authentik.stages.authenticator_validate
-          - authentik.stages.authenticator_webauthn
-          - authentik.stages.captcha
-          - authentik.stages.consent
-          - authentik.stages.deny
-          - authentik.stages.dummy
-          - authentik.stages.email
-          - authentik.stages.identification
-          - authentik.stages.invitation
-          - authentik.stages.password
-          - authentik.stages.prompt
-          - authentik.stages.user_delete
-          - authentik.stages.user_login
-          - authentik.stages.user_logout
-          - authentik.stages.user_write
-          - authentik.tenants
-        description: Match events created by selected application. When left empty,
-          all applications are matched.
       - in: query
         name: client_ip
         schema:
@@ -11225,302 +11176,6 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
-  /policies/haveibeenpwned/:
-    get:
-      operationId: policies_haveibeenpwned_list
-      description: Source Viewset
-      parameters:
-      - in: query
-        name: allowed_count
-        schema:
-          type: integer
-      - in: query
-        name: created
-        schema:
-          type: string
-          format: date-time
-      - in: query
-        name: execution_logging
-        schema:
-          type: boolean
-      - in: query
-        name: last_updated
-        schema:
-          type: string
-          format: date-time
-      - in: query
-        name: name
-        schema:
-          type: string
-      - name: ordering
-        required: false
-        in: query
-        description: Which field to use when ordering the results.
-        schema:
-          type: string
-      - name: page
-        required: false
-        in: query
-        description: A page number within the paginated result set.
-        schema:
-          type: integer
-      - name: page_size
-        required: false
-        in: query
-        description: Number of results to return per page.
-        schema:
-          type: integer
-      - in: query
-        name: password_field
-        schema:
-          type: string
-      - in: query
-        name: policy_uuid
-        schema:
-          type: string
-          format: uuid
-      - name: search
-        required: false
-        in: query
-        description: A search term.
-        schema:
-          type: string
-      tags:
-      - policies
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/PaginatedHaveIBeenPwendPolicyList'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-    post:
-      operationId: policies_haveibeenpwned_create
-      description: Source Viewset
-      tags:
-      - policies
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/HaveIBeenPwendPolicyRequest'
-        required: true
-      security:
-      - authentik: []
-      responses:
-        '201':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/HaveIBeenPwendPolicy'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-  /policies/haveibeenpwned/{policy_uuid}/:
-    get:
-      operationId: policies_haveibeenpwned_retrieve
-      description: Source Viewset
-      parameters:
-      - in: path
-        name: policy_uuid
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Have I Been Pwned Policy.
-        required: true
-      tags:
-      - policies
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/HaveIBeenPwendPolicy'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-    put:
-      operationId: policies_haveibeenpwned_update
-      description: Source Viewset
-      parameters:
-      - in: path
-        name: policy_uuid
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Have I Been Pwned Policy.
-        required: true
-      tags:
-      - policies
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/HaveIBeenPwendPolicyRequest'
-        required: true
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/HaveIBeenPwendPolicy'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-    patch:
-      operationId: policies_haveibeenpwned_partial_update
-      description: Source Viewset
-      parameters:
-      - in: path
-        name: policy_uuid
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Have I Been Pwned Policy.
-        required: true
-      tags:
-      - policies
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/PatchedHaveIBeenPwendPolicyRequest'
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/HaveIBeenPwendPolicy'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-    delete:
-      operationId: policies_haveibeenpwned_destroy
-      description: Source Viewset
-      parameters:
-      - in: path
-        name: policy_uuid
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Have I Been Pwned Policy.
-        required: true
-      tags:
-      - policies
-      security:
-      - authentik: []
-      responses:
-        '204':
-          description: No response body
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
-  /policies/haveibeenpwned/{policy_uuid}/used_by/:
-    get:
-      operationId: policies_haveibeenpwned_used_by_list
-      description: Get a list of all objects that use this object
-      parameters:
-      - in: path
-        name: policy_uuid
-        schema:
-          type: string
-          format: uuid
-        description: A UUID string identifying this Have I Been Pwned Policy.
-        required: true
-      tags:
-      - policies
-      security:
-      - authentik: []
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/UsedBy'
-          description: ''
-        '400':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/ValidationError'
-          description: ''
-        '403':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/GenericError'
-          description: ''
   /policies/password/:
     get:
       operationId: policies_password_list
@@ -25093,7 +24748,6 @@ components:
       - authentik.policies.event_matcher
       - authentik.policies.expiry
       - authentik.policies.expression
-      - authentik.policies.hibp
       - authentik.policies.password
       - authentik.policies.reputation
       - authentik.policies
@@ -28347,74 +28001,6 @@ components:
           additionalProperties: {}
       required:
       - name
-    HaveIBeenPwendPolicy:
-      type: object
-      description: Have I Been Pwned Policy Serializer
-      properties:
-        pk:
-          type: string
-          format: uuid
-          readOnly: true
-          title: Policy uuid
-        name:
-          type: string
-        execution_logging:
-          type: boolean
-          description: When this option is enabled, all executions of this policy
-            will be logged. By default, only execution errors are logged.
-        component:
-          type: string
-          readOnly: true
-        verbose_name:
-          type: string
-          readOnly: true
-        verbose_name_plural:
-          type: string
-          readOnly: true
-        meta_model_name:
-          type: string
-          readOnly: true
-        bound_to:
-          type: integer
-          readOnly: true
-        password_field:
-          type: string
-          description: Field key to check, field keys defined in Prompt stages are
-            available.
-        allowed_count:
-          type: integer
-          maximum: 2147483647
-          minimum: -2147483648
-      required:
-      - bound_to
-      - component
-      - meta_model_name
-      - name
-      - pk
-      - verbose_name
-      - verbose_name_plural
-    HaveIBeenPwendPolicyRequest:
-      type: object
-      description: Have I Been Pwned Policy Serializer
-      properties:
-        name:
-          type: string
-          minLength: 1
-        execution_logging:
-          type: boolean
-          description: When this option is enabled, all executions of this policy
-            will be logged. By default, only execution errors are logged.
-        password_field:
-          type: string
-          minLength: 1
-          description: Field key to check, field keys defined in Prompt stages are
-            available.
-        allowed_count:
-          type: integer
-          maximum: 2147483647
-          minimum: -2147483648
-      required:
-      - name
     IdentificationChallenge:
       type: object
       description: Identification challenges with all UI elements
@@ -31154,41 +30740,6 @@ components:
       required:
       - pagination
       - results
-    PaginatedHaveIBeenPwendPolicyList:
-      type: object
-      properties:
-        pagination:
-          type: object
-          properties:
-            next:
-              type: number
-            previous:
-              type: number
-            count:
-              type: number
-            current:
-              type: number
-            total_pages:
-              type: number
-            start_index:
-              type: number
-            end_index:
-              type: number
-          required:
-          - next
-          - previous
-          - count
-          - current
-          - total_pages
-          - start_index
-          - end_index
-        results:
-          type: array
-          items:
-            $ref: '#/components/schemas/HaveIBeenPwendPolicy'
-      required:
-      - pagination
-      - results
     PaginatedIdentificationStageList:
       type: object
       properties:
@@ -33961,26 +33512,6 @@ components:
         attributes:
           type: object
           additionalProperties: {}
-    PatchedHaveIBeenPwendPolicyRequest:
-      type: object
-      description: Have I Been Pwned Policy Serializer
-      properties:
-        name:
-          type: string
-          minLength: 1
-        execution_logging:
-          type: boolean
-          description: When this option is enabled, all executions of this policy
-            will be logged. By default, only execution errors are logged.
-        password_field:
-          type: string
-          minLength: 1
-          description: Field key to check, field keys defined in Prompt stages are
-            available.
-        allowed_count:
-          type: integer
-          maximum: 2147483647
-          minimum: -2147483648
     PatchedIdentificationStageRequest:
       type: object
       description: IdentificationStage Serializer
diff --git a/web/src/admin/policies/PolicyListPage.ts b/web/src/admin/policies/PolicyListPage.ts
index defe70f30..88296efab 100644
--- a/web/src/admin/policies/PolicyListPage.ts
+++ b/web/src/admin/policies/PolicyListPage.ts
@@ -4,7 +4,6 @@ import "@goauthentik/admin/policies/dummy/DummyPolicyForm";
 import "@goauthentik/admin/policies/event_matcher/EventMatcherPolicyForm";
 import "@goauthentik/admin/policies/expiry/ExpiryPolicyForm";
 import "@goauthentik/admin/policies/expression/ExpressionPolicyForm";
-import "@goauthentik/admin/policies/hibp/HaveIBeenPwnedPolicyForm";
 import "@goauthentik/admin/policies/password/PasswordPolicyForm";
 import "@goauthentik/admin/policies/reputation/ReputationPolicyForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
diff --git a/web/src/admin/policies/PolicyWizard.ts b/web/src/admin/policies/PolicyWizard.ts
index fdd7e9b22..eb8575d97 100644
--- a/web/src/admin/policies/PolicyWizard.ts
+++ b/web/src/admin/policies/PolicyWizard.ts
@@ -3,7 +3,6 @@ import "@goauthentik/admin/policies/dummy/DummyPolicyForm";
 import "@goauthentik/admin/policies/event_matcher/EventMatcherPolicyForm";
 import "@goauthentik/admin/policies/expiry/ExpiryPolicyForm";
 import "@goauthentik/admin/policies/expression/ExpressionPolicyForm";
-import "@goauthentik/admin/policies/hibp/HaveIBeenPwnedPolicyForm";
 import "@goauthentik/admin/policies/password/PasswordPolicyForm";
 import "@goauthentik/admin/policies/reputation/ReputationPolicyForm";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
diff --git a/web/src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts b/web/src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
deleted file mode 100644
index 79b56e6e7..000000000
--- a/web/src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
+++ /dev/null
@@ -1,108 +0,0 @@
-import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
-import { first } from "@goauthentik/common/utils";
-import "@goauthentik/elements/forms/FormGroup";
-import "@goauthentik/elements/forms/HorizontalFormElement";
-import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
-
-import { t } from "@lingui/macro";
-
-import { TemplateResult, html } from "lit";
-import { customElement } from "lit/decorators.js";
-import { ifDefined } from "lit/directives/if-defined.js";
-
-import { HaveIBeenPwendPolicy, PoliciesApi } from "@goauthentik/api";
-
-@customElement("ak-policy-hibp-form")
-export class HaveIBeenPwnedPolicyForm extends ModelForm<HaveIBeenPwendPolicy, string> {
-    loadInstance(pk: string): Promise<HaveIBeenPwendPolicy> {
-        return new PoliciesApi(DEFAULT_CONFIG).policiesHaveibeenpwnedRetrieve({
-            policyUuid: pk,
-        });
-    }
-
-    getSuccessMessage(): string {
-        if (this.instance) {
-            return t`Successfully updated policy.`;
-        } else {
-            return t`Successfully created policy.`;
-        }
-    }
-
-    send = (data: HaveIBeenPwendPolicy): Promise<HaveIBeenPwendPolicy> => {
-        if (this.instance) {
-            return new PoliciesApi(DEFAULT_CONFIG).policiesHaveibeenpwnedUpdate({
-                policyUuid: this.instance.pk || "",
-                haveIBeenPwendPolicyRequest: data,
-            });
-        } else {
-            return new PoliciesApi(DEFAULT_CONFIG).policiesHaveibeenpwnedCreate({
-                haveIBeenPwendPolicyRequest: data,
-            });
-        }
-    };
-
-    renderForm(): TemplateResult {
-        return html`<form class="pf-c-form pf-m-horizontal">
-            <div class="form-help-text">
-                ${t`Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.
-                Note that only a part of the hash of the password is sent, the full comparison is done clientside.`}
-            </div>
-            <ak-form-element-horizontal label=${t`Name`} ?required=${true} name="name">
-                <input
-                    type="text"
-                    value="${ifDefined(this.instance?.name || "")}"
-                    class="pf-c-form-control"
-                    required
-                />
-            </ak-form-element-horizontal>
-            <ak-form-element-horizontal name="executionLogging">
-                <div class="pf-c-check">
-                    <input
-                        type="checkbox"
-                        class="pf-c-check__input"
-                        ?checked=${first(this.instance?.executionLogging, false)}
-                    />
-                    <label class="pf-c-check__label"> ${t`Execution logging`} </label>
-                </div>
-                <p class="pf-c-form__helper-text">
-                    ${t`When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.`}
-                </p>
-            </ak-form-element-horizontal>
-            <ak-form-group .expanded=${true}>
-                <span slot="header"> ${t`Policy-specific settings`} </span>
-                <div slot="body" class="pf-c-form">
-                    <ak-form-element-horizontal
-                        label=${t`Password field`}
-                        ?required=${true}
-                        name="passwordField"
-                    >
-                        <input
-                            type="text"
-                            value="${ifDefined(this.instance?.passwordField || "password")}"
-                            class="pf-c-form-control"
-                            required
-                        />
-                        <p class="pf-c-form__helper-text">
-                            ${t`Field key to check, field keys defined in Prompt stages are available.`}
-                        </p>
-                    </ak-form-element-horizontal>
-                    <ak-form-element-horizontal
-                        label=${t`Allowed count`}
-                        ?required=${true}
-                        name="allowedCount"
-                    >
-                        <input
-                            type="number"
-                            value="${first(this.instance?.allowedCount, 0)}"
-                            class="pf-c-form-control"
-                            required
-                        />
-                        <p class="pf-c-form__helper-text">
-                            ${t`Allow up to N occurrences in the HIBP database.`}
-                        </p>
-                    </ak-form-element-horizontal>
-                </div>
-            </ak-form-group>
-        </form>`;
-    }
-}
diff --git a/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts b/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts
index a3432b9cd..a02e64053 100644
--- a/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts
+++ b/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts
@@ -417,10 +417,7 @@ ${this.instance?.redirectUris}</textarea
                             )}
                         </select>
                         <p class="pf-c-form__helper-text">
-                            ${t`Deprecated. Instead of using this field, configure the JWKS data/URL in Sources.`}
-                        </p>
-                        <p class="pf-c-form__helper-text">
-                            ${t`JWTs signed by certificates configured here can be used to authenticate to the provider.`}
+                            ${t`JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider.`}
                         </p>
                         <p class="pf-c-form__helper-text">
                             ${t`Hold control/command to select multiple items.`}
diff --git a/web/src/locales/de.po b/web/src/locales/de.po
index ce6836c24..e07de0df9 100644
--- a/web/src/locales/de.po
+++ b/web/src/locales/de.po
@@ -406,7 +406,6 @@ msgstr "IDP-initiierte Anmeldungen zulassen"
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr "Freunden erlauben sich via Plex zu authentifizieren, auch wenn keine Server geteilt werden."
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr "Erlaube bis zu N Einträge in der HIBP Datenbank."
@@ -419,7 +418,6 @@ msgstr "Erlauben Sie Benutzern die Verwendung von Anwendungen auf der Grundlage
 msgid "Allowed Redirect URIs"
 msgstr "Erlaubte Weiterleitungs-URIs"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr "Erlaubte Anzahl"
@@ -1128,12 +1126,12 @@ msgid "Checkbox"
 msgstr "Checkbox"
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
-"Prüft einen Wert aus der Richtlinienanfrage gegen die Have I been Pwned API und lehnt die Anfrage basierend darauf ab.\n"
-"Beachten Sie, dass nur ein Teil des Hashs des Passworts gesendet wird, der vollständige Vergleich erfolgt clientseitig."
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
+#~ "Prüft einen Wert aus der Richtlinienanfrage gegen die Have I been Pwned API und lehnt die Anfrage basierend darauf ab.\n"
+#~ "Beachten Sie, dass nur ein Teil des Hashs des Passworts gesendet wird, der vollständige Vergleich erfolgt clientseitig."
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1859,8 +1857,8 @@ msgid "Deny the user access"
 msgstr "Dem Benutzer den Zugang verweigern"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr "Veraltet. Anstatt dieses Feld zu verwenden, konfigurieren Sie die JWKS-Daten/URL in Sources."
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr "Veraltet. Anstatt dieses Feld zu verwenden, konfigurieren Sie die JWKS-Daten/URL in Sources."
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2341,7 +2339,6 @@ msgstr "Führt das Python-Snippet aus, um zu bestimmen, ob eine Anfrage zugelass
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2508,7 +2505,6 @@ msgstr "Feld"
 msgid "Field Key"
 msgstr "Schlüsselfeld"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr "Zu prüfender Feldschlüssel, die in den Aufforderungsphasen definierten Feldschlüssel sind verfügbar."
@@ -3221,8 +3217,12 @@ msgstr ""
 #~ msgstr "JWT Algorithmus"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
-msgstr "JWTs, welche mit den hier konfigurierten Zertifikaten signiert werden, können zur Authentifizierung beim Provider benutzt werden."
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr "JWTs, welche mit den hier konfigurierten Zertifikaten signiert werden, können zur Authentifizierung beim Provider benutzt werden."
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
+msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Key used to sign the tokens."
@@ -3701,7 +3701,6 @@ msgstr "Meine Anwendungen"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4331,7 +4330,6 @@ msgstr "Passwort"
 #~ msgid "Password expiry policy"
 #~ msgstr "Richtlinie für Passwortablauf"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr "Passwortfeld "
@@ -4488,7 +4486,6 @@ msgstr "Richtlinie {0}"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr "Richtlinienspezifische Einstellungen"
@@ -5749,7 +5746,6 @@ msgstr "Outpost erfolgreich erstellt."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -5931,7 +5927,6 @@ msgstr "Passwort erfolgreich aktualisiert."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7355,7 +7350,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/web/src/locales/en.po b/web/src/locales/en.po
index ec508a03e..e7f9dd7ec 100644
--- a/web/src/locales/en.po
+++ b/web/src/locales/en.po
@@ -389,7 +389,6 @@ msgstr "Allow IDP-initiated logins"
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr "Allow friends to authenticate via Plex, even if you don't share any servers"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr "Allow up to N occurrences in the HIBP database."
@@ -402,7 +401,6 @@ msgstr "Allow users to use Applications based on properties, enforce Password Cr
 msgid "Allowed Redirect URIs"
 msgstr "Allowed Redirect URIs"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr "Allowed count"
@@ -1124,12 +1122,12 @@ msgid "Checkbox"
 msgstr "Checkbox"
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1871,8 +1869,8 @@ msgid "Deny the user access"
 msgstr "Deny the user access"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2376,7 +2374,6 @@ msgstr "Executes the python snippet to determine whether to allow or deny a requ
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2544,7 +2541,6 @@ msgstr "Field"
 msgid "Field Key"
 msgstr "Field Key"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr "Field key to check, field keys defined in Prompt stages are available."
@@ -3273,8 +3269,12 @@ msgstr "JWKS URL"
 #~ msgstr "JWT Algorithm"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
-msgstr "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr "JWTs signed by certificates configured here can be used to authenticate to the provider."
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
+msgstr "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Key used to sign the tokens."
@@ -3758,7 +3758,6 @@ msgstr "My applications"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4405,7 +4404,6 @@ msgstr "Password"
 #~ msgid "Password expiry policy"
 #~ msgstr "Password expiry policy"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr "Password field"
@@ -4573,7 +4571,6 @@ msgstr "Policy {0}"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr "Policy-specific settings"
@@ -5878,7 +5875,6 @@ msgstr "Successfully created outpost."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -6063,7 +6059,6 @@ msgstr "Successfully updated password."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7514,7 +7509,6 @@ msgstr "When selected, the invite will only be usable with the flow. By default
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/web/src/locales/es.po b/web/src/locales/es.po
index 44d500ddf..d6c63c554 100644
--- a/web/src/locales/es.po
+++ b/web/src/locales/es.po
@@ -384,7 +384,6 @@ msgstr "Permitir inicios de sesión iniciados por el proveedor IDP"
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr "Permite que tus amigos se autentiquen a través de Plex, incluso si no compartes ningún servidor"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr "Permite hasta N ocurrencias en la base de datos HIBP."
@@ -397,7 +396,6 @@ msgstr "Permitir a los usuarios utilizar aplicaciones en función de las propied
 msgid "Allowed Redirect URIs"
 msgstr "URIs de redireccionamiento permitidas"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr "Recuento permitido"
@@ -1104,12 +1102,12 @@ msgid "Checkbox"
 msgstr "Casilla de verificación"
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
-"Comprueba un valor de la solicitud de política contra la API 'Have I been Pwned' y rechaza la solicitud en función de eso.\n"
-"Tenga en cuenta que solo se envía una parte del hash de la contraseña, la comparación completa se realiza en el lado del cliente."
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
+#~ "Comprueba un valor de la solicitud de política contra la API 'Have I been Pwned' y rechaza la solicitud en función de eso.\n"
+#~ "Tenga en cuenta que solo se envía una parte del hash de la contraseña, la comparación completa se realiza en el lado del cliente."
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1835,8 +1833,8 @@ msgid "Deny the user access"
 msgstr "Denegar el acceso al usuario"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr ""
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr ""
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2317,7 +2315,6 @@ msgstr "Ejecutar el fragmento Python para determinar si se permite o deniega una
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2484,7 +2481,6 @@ msgstr "Campo"
 msgid "Field Key"
 msgstr "Clave de campo"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr "Clave de campo para comprobar, están disponibles las claves de campo definidas en las etapas de solicitud."
@@ -3197,7 +3193,11 @@ msgstr ""
 #~ msgstr "Algoritmo JWT"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr ""
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
 msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
@@ -3677,7 +3677,6 @@ msgstr "Mis aplicaciones"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4307,7 +4306,6 @@ msgstr "Contraseña"
 #~ msgid "Password expiry policy"
 #~ msgstr ""
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr "Campo de contraseña"
@@ -4464,7 +4462,6 @@ msgstr "Política {0}"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr "Configuración específica de políticas"
@@ -5725,7 +5722,6 @@ msgstr "Puesto avanzado creado correctamente."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -5907,7 +5903,6 @@ msgstr "La contraseña se actualizó correctamente."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7331,7 +7326,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/web/src/locales/fr_FR.po b/web/src/locales/fr_FR.po
index 6c6d7de18..bedda7d67 100644
--- a/web/src/locales/fr_FR.po
+++ b/web/src/locales/fr_FR.po
@@ -389,7 +389,6 @@ msgstr "Autoriser les logins initiés par l'IDP"
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr "Autoriser les amis à s'authentifier via Plex, même si vous ne partagez aucun serveur"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr "Autoriser jusqu'à N occurrences dans la base de données HIBP"
@@ -402,7 +401,6 @@ msgstr "Permettre aux usagers l'utilisation d'applications sur la base de leurs
 msgid "Allowed Redirect URIs"
 msgstr "URL de redirection autorisées"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr "Total autoris"
@@ -1109,12 +1107,12 @@ msgid "Checkbox"
 msgstr "Case à cocher"
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
-"Vérifie une valeur de la requête via l'API de Have I Been Pwned et refuse l'accès selon la réponse.\n"
-"À noter que seul une partie de l'hash du mot de passe est envoyée, la comparaison complète est faite en local."
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
+#~ "Vérifie une valeur de la requête via l'API de Have I Been Pwned et refuse l'accès selon la réponse.\n"
+#~ "À noter que seul une partie de l'hash du mot de passe est envoyée, la comparaison complète est faite en local."
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1838,8 +1836,8 @@ msgid "Deny the user access"
 msgstr "Refuser l'accès à l'utilisateu"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr ""
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr ""
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2320,7 +2318,6 @@ msgstr "Exécute le fragment de code python pour décider d'autoriser ou non la
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2487,7 +2484,6 @@ msgstr "Champ"
 msgid "Field Key"
 msgstr "Clé du champ"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr "Clé de champ à vérifier ; les clés de champ définies dans les étapes de d'invite sont disponibles."
@@ -3198,7 +3194,11 @@ msgstr ""
 #~ msgstr "Algorithme JWT"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr ""
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
 msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
@@ -3678,7 +3678,6 @@ msgstr "Mes applications"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4308,7 +4307,6 @@ msgstr "Mot de passe"
 #~ msgid "Password expiry policy"
 #~ msgstr "Politique d'expiration du mot de passe"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr "Champ mot de passe"
@@ -4465,7 +4463,6 @@ msgstr "Poliitique {0}"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr "Paramètres spécifiques à la politique"
@@ -5726,7 +5723,6 @@ msgstr "Avant-poste créé avec succès"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -5908,7 +5904,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7322,7 +7317,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/web/src/locales/pl.po b/web/src/locales/pl.po
index 74b1167af..e99a93ca7 100644
--- a/web/src/locales/pl.po
+++ b/web/src/locales/pl.po
@@ -388,7 +388,6 @@ msgstr "Zezwalaj na logowanie inicjowane przez IDP"
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr "Zezwalaj znajomym na uwierzytelnianie przez Plex, nawet jeśli nie udostępniasz żadnych serwerów"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr "Dopuść do N wystąpień w bazie danych HIBP."
@@ -401,7 +400,6 @@ msgstr "Zezwalaj użytkownikom na korzystanie z aplikacji na podstawie właściw
 msgid "Allowed Redirect URIs"
 msgstr "Dozwolone URI przekierowania"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr "Dozwolona liczba"
@@ -1110,12 +1108,12 @@ msgid "Checkbox"
 msgstr "Pole wyboru"
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
-"Sprawdza wartość z żądania zasad względem interfejsu API Have I been Pwned i na tej podstawie odrzuca żądanie.\n"
-"Zwróć uwagę, że wysyłana jest tylko część skrótu hasła, pełne porównanie odbywa się po stronie klienta."
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
+#~ "Sprawdza wartość z żądania zasad względem interfejsu API Have I been Pwned i na tej podstawie odrzuca żądanie.\n"
+#~ "Zwróć uwagę, że wysyłana jest tylko część skrótu hasła, pełne porównanie odbywa się po stronie klienta."
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1841,8 +1839,8 @@ msgid "Deny the user access"
 msgstr "Odmów użytkownikowi dostępu"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr "Przestarzałe. Zamiast używać tego pola, skonfiguruj dane/adres URL JWKS w Źródłach."
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr "Przestarzałe. Zamiast używać tego pola, skonfiguruj dane/adres URL JWKS w Źródłach."
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2323,7 +2321,6 @@ msgstr "Wykonuje fragment kodu Pythona, aby określić, czy zezwolić, czy odrzu
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2490,7 +2487,6 @@ msgstr "Pole"
 msgid "Field Key"
 msgstr "Klucz pola"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr "Klucz pola do sprawdzenia, dostępne są klucze pola zdefiniowane w etapach monitu."
@@ -3205,8 +3201,12 @@ msgstr ""
 #~ msgstr "Algorytm JWT"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
-msgstr "JWTs podpisane przez certyfikaty skonfigurowane tutaj mogą służyć do uwierzytelniania u dostawcy."
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr "JWTs podpisane przez certyfikaty skonfigurowane tutaj mogą służyć do uwierzytelniania u dostawcy."
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
+msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Key used to sign the tokens."
@@ -3685,7 +3685,6 @@ msgstr "Moje aplikacje"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4315,7 +4314,6 @@ msgstr "Hasło"
 #~ msgid "Password expiry policy"
 #~ msgstr "Zasada wygaśnięcia hasła"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr "Pole hasła"
@@ -4474,7 +4472,6 @@ msgstr "Zasada {0}"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr "Ustawienia specyficzne zasady"
@@ -5735,7 +5732,6 @@ msgstr "Pomyślnie utworzono placówkę."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -5917,7 +5913,6 @@ msgstr "Pomyślnie zaktualizowano hasło."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7343,7 +7338,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po
index f57cfac44..92fe68676 100644
--- a/web/src/locales/pseudo-LOCALE.po
+++ b/web/src/locales/pseudo-LOCALE.po
@@ -385,7 +385,6 @@ msgstr ""
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr ""
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr ""
@@ -398,7 +397,6 @@ msgstr ""
 msgid "Allowed Redirect URIs"
 msgstr ""
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr ""
@@ -1114,10 +1112,10 @@ msgid "Checkbox"
 msgstr ""
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1857,8 +1855,8 @@ msgid "Deny the user access"
 msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr ""
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr ""
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2362,7 +2360,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2530,7 +2527,6 @@ msgstr ""
 msgid "Field Key"
 msgstr ""
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr ""
@@ -3255,7 +3251,11 @@ msgstr ""
 #~ msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr ""
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
 msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
@@ -3740,7 +3740,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4387,7 +4386,6 @@ msgstr ""
 #~ msgid "Password expiry policy"
 #~ msgstr ""
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr ""
@@ -4553,7 +4551,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr ""
@@ -5858,7 +5855,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -6043,7 +6039,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7482,7 +7477,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/web/src/locales/tr.po b/web/src/locales/tr.po
index 2aa0de7fa..633fa45f5 100644
--- a/web/src/locales/tr.po
+++ b/web/src/locales/tr.po
@@ -384,7 +384,6 @@ msgstr "IDP tarafından başlatılan oturumlara izin ver"
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr "Herhangi bir sunucu paylaşmasan bile arkadaşlarının Plex aracılığıyla kimlik doğrulamasına izin ver"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr "HIBP veritabanında N oluşumuna kadar izin ver."
@@ -397,7 +396,6 @@ msgstr "Kullanıcıların özelliklere göre Uygulamaları kullanmasına, Parola
 msgid "Allowed Redirect URIs"
 msgstr "İzin Verilen Yeniden Yönlendirme URI'leri"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr "İzin verilen sayısı"
@@ -1104,12 +1102,12 @@ msgid "Checkbox"
 msgstr "Onay Kutusu"
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
-"İlke isteğindeki bir değeri Pwned Oldum API'sine karşı denetler ve isteği buna dayanarak reddeder.\n"
-"Parolanın karma yalnızca bir kısmının gönderildiğini unutmayın, tam karşılaştırma istemci tarafında yapılır."
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
+#~ "İlke isteğindeki bir değeri Pwned Oldum API'sine karşı denetler ve isteği buna dayanarak reddeder.\n"
+#~ "Parolanın karma yalnızca bir kısmının gönderildiğini unutmayın, tam karşılaştırma istemci tarafında yapılır."
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1835,8 +1833,8 @@ msgid "Deny the user access"
 msgstr "Kullanıcı erişimini engelle"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr ""
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr ""
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2317,7 +2315,6 @@ msgstr "Bir isteğe izin verip reddedilmeyeceğini belirlemek için python parç
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2484,7 +2481,6 @@ msgstr "Alan"
 msgid "Field Key"
 msgstr "Alan Anahtarı"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr "Alan tuşu kontrol etmek için, İstem aşamalarında tanımlanan alan tuşları mevcuttur."
@@ -3197,7 +3193,11 @@ msgstr ""
 #~ msgstr "JWT Algoritması"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr ""
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
 msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
@@ -3677,7 +3677,6 @@ msgstr "Uygulamalarım"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4307,7 +4306,6 @@ msgstr "Parola"
 #~ msgid "Password expiry policy"
 #~ msgstr ""
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr "Parola alanı"
@@ -4464,7 +4462,6 @@ msgstr "İlke {0}"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr "İlke özel ayarlar"
@@ -5725,7 +5722,6 @@ msgstr "Üs başarıyla oluşturdu."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -5907,7 +5903,6 @@ msgstr "Parola başarıyla güncellendi."
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7331,7 +7326,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/web/src/locales/zh-Hans.po b/web/src/locales/zh-Hans.po
index 6a4a26d61..c78c1236c 100644
--- a/web/src/locales/zh-Hans.po
+++ b/web/src/locales/zh-Hans.po
@@ -390,7 +390,6 @@ msgstr "允许 IDP 发起的登录"
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr "允许好友通过 Plex 进行身份验证，即使您不共享任何服务器。"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr "HIBP 数据库中最多允许 N 次出现。"
@@ -403,7 +402,6 @@ msgstr "允许用户根据属性使用应用程序、强制使用密码标准以
 msgid "Allowed Redirect URIs"
 msgstr "允许的重定向 URI"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr "允许的计数"
@@ -1112,12 +1110,12 @@ msgid "Checkbox"
 msgstr "复选框"
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
-"根据 Have I been Pwned API 检查策略请求中的值，以此拒绝请求。\n"
-"请注意，只有一部分密码哈希值被发送，完整的比较是在客户端完成的。"
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
+#~ "根据 Have I been Pwned API 检查策略请求中的值，以此拒绝请求。\n"
+#~ "请注意，只有一部分密码哈希值被发送，完整的比较是在客户端完成的。"
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1843,8 +1841,8 @@ msgid "Deny the user access"
 msgstr "拒绝用户访问"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr "已弃用。请在身份来源中配置 JWKS 数据 / URL 代替此字段。"
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr "已弃用。请在身份来源中配置 JWKS 数据 / URL 代替此字段。"
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2325,7 +2323,6 @@ msgstr "执行 Python 代码段以确定是允许还是拒绝请求。"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2492,7 +2489,6 @@ msgstr "字段"
 msgid "Field Key"
 msgstr "字段键"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr "要检查的字段键，可以使用输入阶段中定义的字段键。"
@@ -3205,8 +3201,12 @@ msgstr ""
 #~ msgstr "JWT 算法"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
-msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
+msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Key used to sign the tokens."
@@ -3685,7 +3685,6 @@ msgstr "我的应用"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4315,7 +4314,6 @@ msgstr "密码"
 #~ msgid "Password expiry policy"
 #~ msgstr "密码过期策略"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr "密码字段"
@@ -4472,7 +4470,6 @@ msgstr "策略 {0}"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr "特定策略设置"
@@ -5733,7 +5730,6 @@ msgstr "已成功创建前哨。"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -5915,7 +5911,6 @@ msgstr "已成功更新密码。"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7341,7 +7336,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/web/src/locales/zh-Hant.po b/web/src/locales/zh-Hant.po
index 4bf148bb2..1d04bae8c 100644
--- a/web/src/locales/zh-Hant.po
+++ b/web/src/locales/zh-Hant.po
@@ -390,7 +390,6 @@ msgstr "允许 IDP 发起的登入"
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr "允许好友通过Plex进行身份验证，即使您不共享任何服务器"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr "HIBP 数据库中最多允许 N 次出现。"
@@ -403,7 +402,6 @@ msgstr "允许用户根据属性使用应用程序、强制使用密码标准以
 msgid "Allowed Redirect URIs"
 msgstr "允许的重定向 URI"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr "允许计数"
@@ -1112,12 +1110,12 @@ msgid "Checkbox"
 msgstr "复选框"
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
-"根据我是否拥有 API 检查策略请求中的值，然后根据该值拒绝请求。\n"
-"请注意，只有一部分密码哈希值被发送，完整的比较是在客户端完成的。"
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
+#~ "根据我是否拥有 API 检查策略请求中的值，然后根据该值拒绝请求。\n"
+#~ "请注意，只有一部分密码哈希值被发送，完整的比较是在客户端完成的。"
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1843,8 +1841,8 @@ msgid "Deny the user access"
 msgstr "拒绝用户访问"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr ""
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr ""
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2325,7 +2323,6 @@ msgstr "执行 python 代码段以确定是允许还是拒绝请求。"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2492,7 +2489,6 @@ msgstr "字段"
 msgid "Field Key"
 msgstr "字段键"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr "要检查的字段键，提示阶段中定义的字段键可用。"
@@ -3205,8 +3201,12 @@ msgstr ""
 #~ msgstr "JWT 算法"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
-msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
+msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Key used to sign the tokens."
@@ -3685,7 +3685,6 @@ msgstr "我的应用"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4315,7 +4314,6 @@ msgstr "密码"
 #~ msgid "Password expiry policy"
 #~ msgstr "密码过期策略"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr "“密码” 字段"
@@ -4472,7 +4470,6 @@ msgstr "策略 {0}"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr "特定于策略的设置"
@@ -5733,7 +5730,6 @@ msgstr "已成功创建 Outpost。"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -5915,7 +5911,6 @@ msgstr "已成功更新密码。"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7341,7 +7336,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/web/src/locales/zh_TW.po b/web/src/locales/zh_TW.po
index ee7879c32..e21fc055b 100644
--- a/web/src/locales/zh_TW.po
+++ b/web/src/locales/zh_TW.po
@@ -390,7 +390,6 @@ msgstr "允许 IDP 发起的登入"
 msgid "Allow friends to authenticate via Plex, even if you don't share any servers"
 msgstr "允许好友通过Plex进行身份验证，即使您不共享任何服务器"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allow up to N occurrences in the HIBP database."
 msgstr "HIBP 数据库中最多允许 N 次出现。"
@@ -403,7 +402,6 @@ msgstr "允许用户根据属性使用应用程序、强制使用密码标准以
 msgid "Allowed Redirect URIs"
 msgstr "允许的重定向 URI"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Allowed count"
 msgstr "允许计数"
@@ -1112,12 +1110,12 @@ msgid "Checkbox"
 msgstr "复选框"
 
 #: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
-msgid ""
-"Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
-"Note that only a part of the hash of the password is sent, the full comparison is done clientside."
-msgstr ""
-"根据我是否拥有 API 检查策略请求中的值，然后根据该值拒绝请求。\n"
-"请注意，只有一部分密码哈希值被发送，完整的比较是在客户端完成的。"
+#~ msgid ""
+#~ "Checks a value from the policy request against the Have I been Pwned API, and denys the request based upon that.\n"
+#~ "Note that only a part of the hash of the password is sent, the full comparison is done clientside."
+#~ msgstr ""
+#~ "根据我是否拥有 API 检查策略请求中的值，然后根据该值拒绝请求。\n"
+#~ "请注意，只有一部分密码哈希值被发送，完整的比较是在客户端完成的。"
 
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 msgid "Checks if the request's user's password has been changed in the last x days, and denys based on settings."
@@ -1843,8 +1841,8 @@ msgid "Deny the user access"
 msgstr "拒绝用户访问"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
-msgstr ""
+#~ msgid "Deprecated. Instead of using this field, configure the JWKS data/URL in Sources."
+#~ msgstr ""
 
 #: src/admin/applications/ApplicationForm.ts
 #: src/admin/applications/wizard/InitialApplicationWizardPage.ts
@@ -2325,7 +2323,6 @@ msgstr "执行 python 代码段以确定是允许还是拒绝请求。"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Execution logging"
@@ -2492,7 +2489,6 @@ msgstr "字段"
 msgid "Field Key"
 msgstr "字段键"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Field key to check, field keys defined in Prompt stages are available."
 msgstr "要检查的字段键，提示阶段中定义的字段键可用。"
@@ -3205,8 +3201,12 @@ msgstr ""
 #~ msgstr "JWT 算法"
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
-msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
-msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
+#~ msgid "JWTs signed by certificates configured here can be used to authenticate to the provider."
+#~ msgstr "此处配置的证书签名的 JWT 可以用于此提供程序的身份验证。"
+
+#: src/admin/providers/oauth2/OAuth2ProviderForm.ts
+msgid "JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider."
+msgstr ""
 
 #: src/admin/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Key used to sign the tokens."
@@ -3685,7 +3685,6 @@ msgstr "我的应用"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 #: src/admin/property-mappings/PropertyMappingLDAPForm.ts
@@ -4315,7 +4314,6 @@ msgstr "密码"
 #~ msgid "Password expiry policy"
 #~ msgstr "密码过期策略"
 
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 msgid "Password field"
 msgstr "“密码” 字段"
@@ -4472,7 +4470,6 @@ msgstr "策略 {0}"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Policy-specific settings"
 msgstr "特定于策略的设置"
@@ -5733,7 +5730,6 @@ msgstr "已成功创建 Outpost。"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully created policy."
@@ -5915,7 +5911,6 @@ msgstr "已成功更新密码。"
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "Successfully updated policy."
@@ -7341,7 +7336,6 @@ msgstr ""
 #: src/admin/policies/event_matcher/EventMatcherPolicyForm.ts
 #: src/admin/policies/expiry/ExpiryPolicyForm.ts
 #: src/admin/policies/expression/ExpressionPolicyForm.ts
-#: src/admin/policies/hibp/HaveIBeenPwnedPolicyForm.ts
 #: src/admin/policies/password/PasswordPolicyForm.ts
 #: src/admin/policies/reputation/ReputationPolicyForm.ts
 msgid "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
diff --git a/website/docs/releases/2023/v2023.1.md b/website/docs/releases/2023/v2023.1.md
index a1e0b533d..e1bc12a61 100644
--- a/website/docs/releases/2023/v2023.1.md
+++ b/website/docs/releases/2023/v2023.1.md
@@ -3,6 +3,12 @@ title: Release 2023.1
 slug: "/releases/2023.1"
 ---
 
+## Breaking changes
+
+-   Deprecated HaveIBeenPwned policy has been removed
+
+    This policy type has been deprecated since 2022.11 and was automatically migrated to the password policy with equivalent options.
+
 ## New features
 
 -   SLO Support for SAML provider