diff --git a/awx/api/filters.py b/awx/api/filters.py
index 680f6bc3e8..1c5a47f847 100644
--- a/awx/api/filters.py
+++ b/awx/api/filters.py
@@ -131,6 +131,8 @@ class FieldLookupBackend(BaseFilterBackend):
                     new_parts.append(name_alt)
                 else:
                     field = model._meta.get_field(name)
+                    if 'auth' in name or 'token' in name:
+                        raise PermissionDenied(_('Filtering on %s is not allowed.' % name))
                 if isinstance(field, ForeignObjectRel) and getattr(field.field, '__prevent_search__', False):
                     raise PermissionDenied(_('Filtering on %s is not allowed.' % name))
                 elif getattr(field, '__prevent_search__', False):
diff --git a/awx/main/tests/unit/api/test_filters.py b/awx/main/tests/unit/api/test_filters.py
index c0dcf35299..12ff3663a5 100644
--- a/awx/main/tests/unit/api/test_filters.py
+++ b/awx/main/tests/unit/api/test_filters.py
@@ -4,11 +4,11 @@ import pytest
 from rest_framework.exceptions import PermissionDenied, ParseError
 from awx.api.filters import FieldLookupBackend
-from awx.main.models import (AdHocCommand, CustomInventoryScript,
-                             Credential, Job, JobTemplate, SystemJob,
-                             UnifiedJob, User, WorkflowJob,
-                             WorkflowJobTemplate, WorkflowJobOptions,
-                             InventorySource)
+from awx.main.models import (AdHocCommand, ActivityStream,
+                             CustomInventoryScript, Credential, Job,
+                             JobTemplate, SystemJob, UnifiedJob, User,
+                             WorkflowJob, WorkflowJobTemplate,
+                             WorkflowJobOptions, InventorySource)
 from awx.main.models.jobs import JobOptions
@@ -56,6 +56,8 @@ def test_filter_on_password_field(password_field, lookup_suffix):
 @pytest.mark.parametrize('model, query', [
     (User, 'password__icontains'),
     (User, 'settings__value__icontains'),
+    (User, 'main_oauth2accesstoken__token__gt'),
+    (User, 'main_oauth2application__name__gt'),
     (UnifiedJob, 'job_args__icontains'),
     (UnifiedJob, 'job_env__icontains'),
     (UnifiedJob, 'start_args__icontains'),
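Review bot: The added guard keys on substrings of the lookup segment rather than on the field it has just resolved, so any relation or column whose name merely contains `auth` or `token` (an `author` or `authorized` field, say) becomes unfilterable, while a token-bearing relation reachable under a name without those substrings is not caught at all. Since `field` is already in hand on the line above and the two checks directly below already consult `__prevent_search__`, the more precise form is to flag the target model instead of the string — e.g. `elif getattr(getattr(field, 'related_model', None), '__prevent_search__', False): raise PermissionDenied(_('Filtering on %s is not allowed.' % name))` with the access-token and application models marked `__prevent_search__ = True` — or, at minimum, an exact-match tuple of the four relation names the new tests enumerate (`main_oauth2accesstoken`, `main_oauth2application`, `o_auth2_access_token`, `o_auth2_application`). Note also that the check lives only in this `else:` branch; a segment that resolves through the `name_alt` path just above (its head is outside the hunk) never reaches it, which is worth confirming cannot lead to a token relation. The enclosing method starts and ends outside this hunk.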
@@ -67,7 +69,9 @@ def test_filter_on_password_field(password_field, lookup_suffix):
     (WorkflowJob, 'survey_passwords__icontains'),
     (JobTemplate, 'survey_spec__icontains'),
     (WorkflowJobTemplate, 'survey_spec__icontains'),
-    (CustomInventoryScript, 'script__icontains')
+    (CustomInventoryScript, 'script__icontains'),
+    (ActivityStream, 'o_auth2_access_token__gt'),
+    (ActivityStream, 'o_auth2_application__gt')
 ])
 def test_filter_sensitive_fields_and_relations(model, query):
     field_lookup = FieldLookupBackend()
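Review bot: The new parametrize entries only pin that these lookups are rejected; nothing asserts that a benign lookup whose segment happens to contain `auth` or `token` as a substring is still accepted, so the breadth of the substring guard this commit adds in filters.py is left untested. If any model in the tree exposes such a field, a companion case in the positive-path test (or a dedicated assertion that `FieldLookupBackend` resolves it without raising `PermissionDenied`) would catch the over-blocking that a substring match invites. The body of `test_filter_sensitive_fields_and_relations` continues past the end of this hunk.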