Nextcloud token-based login?

Hey all -

We've got a Nextcloud instance that is public-facing, and as a result I have some "strict" password requirements on it. Specifically, I've got it set to mandatory 12-character alphanumeric passwords, with them being reset every 180 days. I figure that's a long enough period so as to not be horribly irritating, while still offering rotation in the event of some kind of a compromise.

Unfortunately, this complicates Joplin's direct synchronization to Nextcloud, especially on mobile devices where I can't just tell them "Hey, plop the note files in this subdirectory of my primary Nextcloud directory", because whenever the Nextcloud password changes, Joplin just sits there blasting away every five minutes (this is the default) with the incorrect credentials until my user account is locked out.

Fortunately for me, I'm the admin, but if I want more of my users to take advantage of this EXTREMELY useful feature while giving them a completely self-hosted, privacy-respecting, open-source solution for note-taking, this cannot work. I figure it would be nice if Joplin stopped trying to synchronize after, say, three attempts where it gets a "login failed" response, but I think the real solution is to convert Joplin to use a login token, the same way Nextcloud's desktop and mobile apps work - which would persist across password resets and only prompt them occasionally to re-enter their username and password.

Can't you just use the 'app password' feature of nextcloud so that Joplin gets its own password?