diff --git a/nomad/mock/acl.go b/nomad/mock/acl.go
index 54d116c08..e86701fbd 100644
--- a/nomad/mock/acl.go
+++ b/nomad/mock/acl.go
@@ -268,7 +268,7 @@ func ACLOIDCAuthMethod() *structs.ACLAuthMethod {
 	method := structs.ACLAuthMethod{
 		Name:          fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
 		Type:          "OIDC",
-		TokenLocality: "local",
+		TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
 		MaxTokenTTL:   maxTokenTTL,
 		Default:       false,
 		Config: &structs.ACLAuthMethodConfig{
@@ -297,7 +297,7 @@ func ACLJWTAuthMethod() *structs.ACLAuthMethod {
 	method := structs.ACLAuthMethod{
 		Name:          fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
 		Type:          "JWT",
-		TokenLocality: "local",
+		TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
 		MaxTokenTTL:   maxTokenTTL,
 		Default:       false,
 		Config: &structs.ACLAuthMethodConfig{
diff --git a/nomad/structs/acl.go b/nomad/structs/acl.go
index 1aab0e484..63359b714 100644
--- a/nomad/structs/acl.go
+++ b/nomad/structs/acl.go
@@ -222,7 +222,7 @@ var (
 	// ValidACLAuthMethod is used to validate an ACL auth method name.
 	ValidACLAuthMethod = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$")
 
-	// ValitACLAuthMethodTypes lists supported auth method types.
+	// ValidACLAuthMethodTypes lists supported auth method types.
 	ValidACLAuthMethodTypes = []string{ACLAuthMethodTypeOIDC, ACLAuthMethodTypeJWT}
 )
 
@@ -924,7 +924,7 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
 		mErr.Errors = append(mErr.Errors, fmt.Errorf("invalid name '%s'", a.Name))
 	}
 
-	if !slices.Contains([]string{"local", "global"}, a.TokenLocality) {
+	if !slices.Contains([]string{ACLAuthMethodTokenLocalityLocal, ACLAuthMethodTokenLocalityGlobal}, a.TokenLocality) {
 		mErr.Errors = append(
 			mErr.Errors, fmt.Errorf("invalid token locality '%s'", a.TokenLocality))
 	}
@@ -945,7 +945,9 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
 
 // TokenLocalityIsGlobal returns whether the auth method creates global ACL
 // tokens or not.
-func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool { return a.TokenLocality == "global" }
+func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool {
+	return a.TokenLocality == ACLAuthMethodTokenLocalityGlobal
+}
 
 // ACLAuthMethodConfig is used to store configuration of an auth method
 type ACLAuthMethodConfig struct {