diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index e659d7e6d4..507c9c37e6 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -495,11 +495,6 @@ INTERNAL_TOKEN=
 ;; Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations.
 ;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
 ;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
-;;
-;; Reject API tokens sent in URL query string (Accept Header-based API tokens only). This avoids security vulnerabilities
-;; stemming from cached/logged plain-text API tokens.
-;; In future releases, this will become the default behavior
-;DISABLE_QUERY_AUTH_TOKEN = false
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/modules/setting/security.go b/modules/setting/security.go
index 4adfe20635..92caa05fad 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -34,7 +34,6 @@ var (
 	PasswordHashAlgo                   string
 	PasswordCheckPwn                   bool
 	SuccessfulTokensCacheSize          int
-	DisableQueryAuthToken              bool
 	CSRFCookieName                     = "_csrf"
 	CSRFCookieHTTPOnly                 = true
 )
@@ -158,11 +157,4 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 			PasswordComplexity = append(PasswordComplexity, name)
 		}
 	}
-
-	// TODO: default value should be true in future releases
-	DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)
-
-	if !DisableQueryAuthToken {
-		log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
-	}
 }
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 6601a86dbb..e592175489 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -35,12 +35,10 @@
 //	     type: apiKey
 //	     name: token
 //	     in: query
-//	     description: This authentication option is deprecated for removal in Gitea 1.23. Please use AuthorizationHeaderToken instead.
 //	AccessToken:
 //	     type: apiKey
 //	     name: access_token
 //	     in: query
-//	     description: This authentication option is deprecated for removal in Gitea 1.23. Please use AuthorizationHeaderToken instead.
 //	AuthorizationHeaderToken:
 //	     type: apiKey
 //	     name: Authorization
@@ -807,13 +805,6 @@ func individualPermsChecker(ctx *context.APIContext) {
 	}
 }
 
-// check for and warn against deprecated authentication options
-func checkDeprecatedAuthMethods(ctx *context.APIContext) {
-	if ctx.FormString("token") != "" || ctx.FormString("access_token") != "" {
-		ctx.Resp.Header().Set("Warning", "token and access_token API authentication is deprecated and will be removed in gitea 1.23. Please use AuthorizationHeaderToken instead. Existing queries will continue to work but without authorization.")
-	}
-}
-
 // Routes registers all v1 APIs routes to web application.
 func Routes() *web.Route {
 	m := web.NewRoute()
@@ -832,8 +823,6 @@ func Routes() *web.Route {
 	}
 	m.Use(context.APIContexter())
 
-	m.Use(checkDeprecatedAuthMethods)
-
 	// Get user from session if logged in.
 	m.Use(apiAuth(buildAuthGroup()))
 
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index f2f7858a85..08a2a05539 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -14,7 +14,6 @@ import (
 	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/web/middleware"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
@@ -63,19 +62,14 @@ func (o *OAuth2) Name() string {
 // representing whether the token exists or not
 func parseToken(req *http.Request) (string, bool) {
 	_ = req.ParseForm()
-	if !setting.DisableQueryAuthToken {
-		// Check token.
-		if token := req.Form.Get("token"); token != "" {
-			return token, true
-		}
-		// Check access token.
-		if token := req.Form.Get("access_token"); token != "" {
-			return token, true
-		}
-	} else if req.Form.Get("token") != "" || req.Form.Get("access_token") != "" {
-		log.Warn("API token sent in query string but DISABLE_QUERY_AUTH_TOKEN=true")
+	// Check token.
+	if token := req.Form.Get("token"); token != "" {
+		return token, true
+	}
+	// Check access token.
+	if token := req.Form.Get("access_token"); token != "" {
+		return token, true
 	}
-
 	// check header token
 	if auHead := req.Header.Get("Authorization"); auHead != "" {
 		auths := strings.Fields(auHead)
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index c5ae426741..e8b4a35370 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -24259,7 +24259,6 @@
   },
   "securityDefinitions": {
     "AccessToken": {
-      "description": "This authentication option is deprecated for removal in Gitea 1.23. Please use AuthorizationHeaderToken instead.",
       "type": "apiKey",
       "name": "access_token",
       "in": "query"
@@ -24292,7 +24291,6 @@
       "in": "header"
     },
     "Token": {
-      "description": "This authentication option is deprecated for removal in Gitea 1.23. Please use AuthorizationHeaderToken instead.",
       "type": "apiKey",
       "name": "token",
       "in": "query"