diff --git a/docs/source/glossary.rst b/docs/source/glossary.rst
index 69f1a655f906c8b1c89ac44bd67db2ec2c118be4..959d89761d27f3652cbae2d840a5e2ef2f7a3703 100644
--- a/docs/source/glossary.rst
+++ b/docs/source/glossary.rst
@@ -63,3 +63,6 @@ Glossary of terms
 
   WFO
     `Workflow Orchestrator <https://workfloworchestrator.org/>`_
+
+  AAI
+    Authentication and Authorisation Infrastructure
diff --git a/docs/source/module/auth/index.rst b/docs/source/module/auth/index.rst
new file mode 100644
index 0000000000000000000000000000000000000000..0ec5cd1fad1966607dbfaf3797235286bd08503c
--- /dev/null
+++ b/docs/source/module/auth/index.rst
@@ -0,0 +1,16 @@
+``gso.products``
+================
+
+.. automodule:: gso.auth
+   :members:
+   :show-inheritance:
+
+Subpackages
+-----------
+
+.. toctree::
+   :maxdepth: 1
+
+   oidc_policy_helper
+   security
+   settings
diff --git a/docs/source/module/auth/oidc_policy_helper.rst b/docs/source/module/auth/oidc_policy_helper.rst
new file mode 100644
index 0000000000000000000000000000000000000000..b01d9cdf938f149ee927af3120cd080e3bd719c2
--- /dev/null
+++ b/docs/source/module/auth/oidc_policy_helper.rst
@@ -0,0 +1,6 @@
+``gso.auth.oidc_policy_helper``
+====================================
+
+.. automodule:: gso.auth.oidc_policy_helper
+   :members:
+   :show-inheritance:
diff --git a/docs/source/module/auth/security.rst b/docs/source/module/auth/security.rst
new file mode 100644
index 0000000000000000000000000000000000000000..c933054270634dd3dd7500b7277fd657e16600c1
--- /dev/null
+++ b/docs/source/module/auth/security.rst
@@ -0,0 +1,6 @@
+``gso.auth.security``
+====================================
+
+.. automodule:: gso.auth.security
+   :members:
+   :show-inheritance:
diff --git a/docs/source/module/auth/settings.rst b/docs/source/module/auth/settings.rst
new file mode 100644
index 0000000000000000000000000000000000000000..2bc37fa8b5285b23bd956d1fcede332261ea5c88
--- /dev/null
+++ b/docs/source/module/auth/settings.rst
@@ -0,0 +1,6 @@
+``gso.auth.settings``
+====================================
+
+.. automodule:: gso.auth.settings
+   :members:
+   :show-inheritance:
diff --git a/docs/vale/styles/Vocab/geant-jargon/accept.txt b/docs/vale/styles/Vocab/geant-jargon/accept.txt
index 1d257c7ce79b1216f12842a1b7899a2986f9f817..aba8e760989154433f87263909a310907fe4a667 100644
--- a/docs/vale/styles/Vocab/geant-jargon/accept.txt
+++ b/docs/vale/styles/Vocab/geant-jargon/accept.txt
@@ -13,3 +13,4 @@ Dark_fiber
 [A|a]llocate
 PHASE 1
 [Mm]odify
+AAI
diff --git a/gso/auth/oidc_policy_helper.py b/gso/auth/oidc_policy_helper.py
index d9219cddabb8d0538cd7e484d9ea9d3941d0f037..945b7496d36f457574140dd191437af179b95f95 100644
--- a/gso/auth/oidc_policy_helper.py
+++ b/gso/auth/oidc_policy_helper.py
@@ -167,7 +167,7 @@ class OIDCUser(HTTPBearer):
     """OIDCUser class extends the :term:`HTTPBearer` class to do extra verification.
 
     The class will act as follows:
-        1. Validate the Credentials at AAI proxy by calling the UserInfo endpoint
+        1. Validate the Credentials at :term: `AAI` proxy by calling the UserInfo endpoint
     """
 
     openid_config: OIDCConfig | None = None
@@ -245,14 +245,9 @@ class OIDCUser(HTTPBearer):
     async def userinfo(self, async_request: AsyncClient, token: str) -> OIDCUserModel:
         """Get the userinfo from the openid server.
 
-        Args:
-        ----
-            async_request: The async request
-            token: the access_token
-
-        Returns:
-        -------
-            OIDCUserModel from openid server
+        :param AsyncClient async_request: The async request
+        :param str token: the access_token
+        :return: OIDCUserModel: OIDC user model from openid server
 
         """
         await self.check_openid_config(async_request)
@@ -289,15 +284,9 @@ class OIDCUser(HTTPBearer):
     async def introspect_token(self, async_request: AsyncClient, token: str) -> dict:
         """Introspect the access token to see if it is a valid token.
 
-        Args:
-        ----
-            async_request: The async request
-            token: the access_token
-
-        Returns:
-        -------
-            dict from openid server
-
+        :param async_request: The async request
+        :param token: the access_token
+        :return: dict from openid server
         """
         await self.check_openid_config(async_request)
         assert self.openid_config, "OpenID config should be loaded"  # noqa: S101
diff --git a/gso/auth/settings.py b/gso/auth/settings.py
index d8b281253f3548efb6d5a6f87c03329f496ec114..29c1fc806a8589b38158a3f95dddf3f10cb8bdf3 100644
--- a/gso/auth/settings.py
+++ b/gso/auth/settings.py
@@ -3,10 +3,7 @@
 authentication and authorization, including token validation and user authentication. Integrates
 with external authentication providers for enhanced security management.
 
-Todo:
-----
-Remove token and sensitive data from OPA console and API.
-
+Todo: Remove token and sensitive data from OPA console and API.
 """
 
 from pydantic import BaseSettings, Field
diff --git a/pyproject.toml b/pyproject.toml
index e345710ba1f602942d24b792649ea61c0d4f5ccb..5a2ca81c14941c381684b2b8d626f7b1c8323a3e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -39,7 +39,6 @@ ignore = [
     "PLR0913",
     "PLR0904",
     "PLW1514",
-    "S106",
 ]
 line-length = 120
 select = [
diff --git a/test/auth/test_oidc_policy_helper.py b/test/auth/test_oidc_policy_helper.py
index a47e2d0fc714ec08b2fee8b8a4d247c1bc950c72..500b18cb6ee8420497768ee7ebde0ed364b46cdf 100644
--- a/test/auth/test_oidc_policy_helper.py
+++ b/test/auth/test_oidc_policy_helper.py
@@ -54,7 +54,7 @@ def oidc_user(mock_openid_config):
     user = OIDCUser(
         openid_url="https://example.proxy.aai.geant.org",
         resource_server_id="resource_server",
-        resource_server_secret="secret",
+        resource_server_secret="secret",  # noqa: S106
     )
     user.openid_config = OIDCConfig.parse_obj(mock_openid_config)
     return user
@@ -75,7 +75,10 @@ def mock_request():
 @pytest.fixture()
 def mock_oidc_user():
     oidc_user = AsyncMock(
-        OIDCUser, openid_url="https://example.com", resource_server_id="test", resource_server_secret="secret"
+        OIDCUser,
+        openid_url="https://example.com",
+        resource_server_id="test",
+        resource_server_secret="secret",  # noqa: S106
     )
     oidc_user.__call__ = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
     return oidc_user
@@ -236,7 +239,7 @@ async def test_oidc_user_call_with_token(oidc_user, mock_request, mock_async_cli
     oidc_user.introspect_token = AsyncMock(return_value={"active": True})
     oidc_user.userinfo = AsyncMock(return_value=OIDCUserModel({"sub": "123", "name": "John Doe"}))
 
-    result = await oidc_user.__call__(mock_request, token="test_token")
+    result = await oidc_user.__call__(mock_request, token="test_token")  # noqa: S106
 
     assert isinstance(result, OIDCUserModel)
     assert result["sub"] == "123"
@@ -248,7 +251,7 @@ async def test_oidc_user_call_inactive_token(oidc_user, mock_request, mock_async
     oidc_user.introspect_token = AsyncMock(return_value={"active": False})
 
     with pytest.raises(HTTPException) as exc_info:
-        await oidc_user.__call__(mock_request, token="test_token")
+        await oidc_user.__call__(mock_request, token="test_token")  # noqa: S106
 
     assert exc_info.value.status_code == HTTPStatus.UNAUTHORIZED
     assert "User is not active" in str(exc_info.value.detail)