diff --git a/changelogs/application_service/newsfragments/1744.clarification b/changelogs/application_service/newsfragments/1744.clarification
new file mode 100644
index 00000000..908c48ab
--- /dev/null
+++ b/changelogs/application_service/newsfragments/1744.clarification
@@ -0,0 +1 @@
+Clarify that the `/login` and `/register` endpoints should fail when using the `m.login.application_service` login type without a valid `as_token`.
diff --git a/content/application-service-api.md b/content/application-service-api.md
index f3db06cf..2ea82f22 100644
--- a/content/application-service-api.md
+++ b/content/application-service-api.md
@@ -436,6 +436,10 @@ an application service-defined namespace will receive the same
 `M_EXCLUSIVE` error code, but only if the application service has
 defined the namespace as `exclusive`.
 
+If either endpoint is called with the `m.login.application_service` login type,
+but without a valid `as_token`, the endpoints will return `M_MISSING_TOKEN` or
+`M_UNKNOWN_TOKEN`.
+
 #### Pinging
 
 {{% added-in v="1.7" %}}