diff --git a/blade-auth/src/main/java/org/springblade/auth/config/BladeResourceServerConfiguration.java b/blade-auth/src/main/java/org/springblade/auth/config/BladeResourceServerConfiguration.java
index 03fd6668..a2acc30c 100644
--- a/blade-auth/src/main/java/org/springblade/auth/config/BladeResourceServerConfiguration.java
+++ b/blade-auth/src/main/java/org/springblade/auth/config/BladeResourceServerConfiguration.java
@@ -51,6 +51,7 @@ public class BladeResourceServerConfiguration extends ResourceServerConfigurerAd
 				"/actuator/**",
 				"/token/**",
 				"/oauth/captcha",
+				"/oauth/logout",
 				"/mobile/**",
 				"/v2/api-docs",
 				"/v2/api-docs-ext").permitAll()
diff --git a/blade-auth/src/main/java/org/springblade/auth/endpoint/BladeTokenEndPoint.java b/blade-auth/src/main/java/org/springblade/auth/endpoint/BladeTokenEndPoint.java
index b31be447..a805d209 100644
--- a/blade-auth/src/main/java/org/springblade/auth/endpoint/BladeTokenEndPoint.java
+++ b/blade-auth/src/main/java/org/springblade/auth/endpoint/BladeTokenEndPoint.java
@@ -21,6 +21,8 @@ import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springblade.common.cache.CacheNames;
 import org.springblade.core.redis.cache.BladeRedisCache;
+import org.springblade.core.secure.BladeUser;
+import org.springblade.core.secure.utils.AuthUtil;
 import org.springblade.core.tool.api.R;
 import org.springblade.core.tool.support.Kv;
 import org.springblade.core.tool.utils.StringUtil;
@@ -58,4 +60,10 @@ public class BladeTokenEndPoint {
 		return Kv.create().set("key", key).set("image", specCaptcha.toBase64());
 	}
 
+	@GetMapping("/oauth/logout")
+	public Kv logout() {
+		BladeUser user = AuthUtil.getUser();
+		return Kv.create().set("success", "true").set("account", user.getAccount());
+	}
+
 }
diff --git a/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java b/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
index 10ef786f..c53541fc 100644
--- a/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
+++ b/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
@@ -18,11 +18,8 @@ package org.springblade.auth.utils;
 
 import lombok.SneakyThrows;
 import org.springblade.core.launch.constant.TokenConstant;
-import org.springblade.core.secure.utils.AuthUtil;
-import org.springblade.core.tool.utils.Charsets;
-import org.springblade.core.tool.utils.DateUtil;
-import org.springblade.core.tool.utils.StringPool;
-import org.springblade.core.tool.utils.WebUtil;
+import org.springblade.core.tool.constant.BladeConstant;
+import org.springblade.core.tool.utils.*;
 import org.springblade.system.entity.Tenant;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
@@ -140,7 +137,7 @@ public class TokenUtil {
 		if (tenant == null) {
 			throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT);
 		}
-		if (AuthUtil.isAdministrator()) {
+		if (StringUtil.equalsIgnoreCase(tenant.getTenantId(), BladeConstant.ADMIN_TENANT_ID)) {
 			return false;
 		}
 		Date expireTime = tenant.getExpireTime();