diff --git a/blade-auth/src/main/java/org/springblade/auth/endpoint/BladeTokenEndPoint.java b/blade-auth/src/main/java/org/springblade/auth/endpoint/BladeTokenEndPoint.java
index bbdeccb3..67cb1cc4 100644
--- a/blade-auth/src/main/java/org/springblade/auth/endpoint/BladeTokenEndPoint.java
+++ b/blade-auth/src/main/java/org/springblade/auth/endpoint/BladeTokenEndPoint.java
@@ -119,7 +119,7 @@ public class BladeTokenEndPoint {
 String token = JwtUtil.getToken(WebUtil.getRequest().getHeader(TokenConstant.HEADER));
 // 清空redis保存的token
 if (user != null && jwtProperties.getState()) {
- JwtUtil.removeAccessToken(user.getTenantId(), String.valueOf(user.getUserId()), token);
+ JwtUtil.removeAccessToken(user.getTenantId(), user.getClientId(), String.valueOf(user.getUserId()), token);
 }
 // 清空资源服务器保存的token
 OAuth2AccessToken accessToken = tokenStore.readAccessToken(token);
diff --git a/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java b/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
index ad9bb89d..e097f2e5 100644
--- a/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
+++ b/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
@@ -201,8 +201,9 @@ public class BladeUserDetailsServiceImpl implements UserDetailsService {
 String refreshToken = request.getParameter(TokenUtil.REFRESH_TOKEN_KEY);
 Claims claims = JwtUtil.parseJWT(refreshToken);
 String tenantId = String.valueOf(claims.get("tenant_id"));
+ String clientId = String.valueOf(claims.get("client_id"));
 String userId = String.valueOf(claims.get("user_id"));
- String token = JwtUtil.getRefreshToken(tenantId, userId, refreshToken);
+ String token = JwtUtil.getRefreshToken(tenantId, clientId, userId, refreshToken);
 return StringUtil.equalsIgnoreCase(token, refreshToken);
 }
 return true;
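Review bot: In the BladeTokenEndPoint hunk, `removeAccessToken` now receives `user.getClientId()`, so logout presumably deletes only the entry stored for the calling client, while the comment above it still reads as if all of the user's stored tokens were cleared. If tokens issued to the same user through other clients are meant to survive logout, say so in the comment, e.g. `// Clears only the Redis entry for this tenant/client/user; tokens issued to other clients stay valid`; if they are not, those entries need their own removal. `JwtUtil` is not part of this diff, so the key layout is inferred from the argument list, and the enclosing method starts and ends outside the hunk.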
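Review bot: In the BladeUserDetailsServiceImpl hunk, `String.valueOf(claims.get("client_id"))` turns a refresh token that carries no `client_id` claim into the literal string `"null"`, which then becomes part of the lookup key, so rejection depends on no entry existing under that key rather than on an explicit check. Reading the claim first and failing when it is absent makes the decision explicit: `Object clientClaim = claims.get("client_id"); if (clientClaim == null) { return false; }`. The same `String.valueOf(claims.get(...))` pattern is added in the AuthFilter hunk. The claim name is a string literal here while AuthFilter uses `TokenConstant.CLIENT_ID`; sharing one constant would keep the two lookups from drifting apart. The enclosing method starts outside the hunk.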
diff --git a/blade-auth/src/main/java/org/springblade/auth/support/BladeJwtTokenEnhancer.java b/blade-auth/src/main/java/org/springblade/auth/support/BladeJwtTokenEnhancer.java index 046ee702..314ff2a2 100644 --- a/blade-auth/src/main/java/org/springblade/auth/support/BladeJwtTokenEnhancer.java +++ b/blade-auth/src/main/java/org/springblade/auth/support/BladeJwtTokenEnhancer.java @@ -52,9 +52,10 @@ public class BladeJwtTokenEnhancer implements TokenEnhancer { BladeUserDetails principal = (BladeUserDetails) authentication.getUserAuthentication().getPrincipal(); + String clientId = TokenUtil.getClientIdFromHeader(); //token参数增强 Map info = new HashMap<>(16); - info.put(TokenUtil.CLIENT_ID, TokenUtil.getClientIdFromHeader()); + info.put(TokenUtil.CLIENT_ID, clientId); info.put(TokenUtil.USER_ID, Func.toStr(principal.getUserId())); info.put(TokenUtil.DEPT_ID, Func.toStr(principal.getDeptId())); info.put(TokenUtil.POST_ID, Func.toStr(principal.getPostId())); @@ -77,12 +78,12 @@ public class BladeJwtTokenEnhancer implements TokenEnhancer { String accessTokenValue = oAuth2AccessToken.getValue(); String tenantId = principal.getTenantId(); String userId = Func.toStr(principal.getUserId()); - JwtUtil.addAccessToken(tenantId, userId, accessTokenValue, accessToken.getExpiresIn()); + JwtUtil.addAccessToken(tenantId, clientId, userId, accessTokenValue, accessToken.getExpiresIn()); if (jwtProperties.getSingle()) { OAuth2RefreshToken oAuth2RefreshToken = oAuth2AccessToken.getRefreshToken(); String refreshTokenValue = oAuth2RefreshToken.getValue(); - JwtUtil.addRefreshToken(tenantId, userId, refreshTokenValue, accessToken.getExpiresIn() * 168); + JwtUtil.addRefreshToken(tenantId, clientId, userId, refreshTokenValue, accessToken.getExpiresIn() * 168); } } diff --git a/blade-gateway/src/main/java/org/springblade/gateway/filter/AuthFilter.java b/blade-gateway/src/main/java/org/springblade/gateway/filter/AuthFilter.java index 4175149f..eb453748 100644 
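Review bot: In the first BladeJwtTokenEnhancer hunk, `clientId` is read with `TokenUtil.getClientIdFromHeader()` and, after this change, also becomes part of the key under which the token is stored, although the `authentication` argument already carries the client that was authenticated for this request. Taking it from there, `String clientId = authentication.getOAuth2Request().getClientId();`, ties the stored entry to the authenticated client instead of a second parse of the request header, and does not depend on the client having authenticated through that header. `getClientIdFromHeader` is not shown in this diff, so its behaviour on a missing or malformed header cannot be judged from here. The enclosing method starts and ends outside the hunk.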
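Review bot: In the second BladeJwtTokenEnhancer hunk, the result of `oAuth2AccessToken.getRefreshToken()` is dereferenced on the following line without a null check; if a token is issued without a refresh token (for example to a client not granted `refresh_token`), `getValue()` would presumably throw after the access-token entry has already been written. Guarding the two store lines with `if (oAuth2RefreshToken != null) { ... }` avoids that. The refresh entry's lifetime is `accessToken.getExpiresIn() * 168`, a bare multiplier unrelated to the refresh token's own expiry; a named constant or the refresh token's expiration would make the retention period reviewable. The enclosing method starts and ends outside the hunk.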
--- a/blade-gateway/src/main/java/org/springblade/gateway/filter/AuthFilter.java
+++ b/blade-gateway/src/main/java/org/springblade/gateway/filter/AuthFilter.java
@@ -81,8 +81,9 @@ public class AuthFilter implements GlobalFilter, Ordered {
 //判断 Token 状态
 if (jwtProperties.getState()) {
 String tenantId = String.valueOf(claims.get(TokenConstant.TENANT_ID));
+ String clientId = String.valueOf(claims.get(TokenConstant.CLIENT_ID));
 String userId = String.valueOf(claims.get(TokenConstant.USER_ID));
- String accessToken = JwtUtil.getAccessToken(tenantId, userId, token);
+ String accessToken = JwtUtil.getAccessToken(tenantId, clientId, userId, token);
 if (!token.equalsIgnoreCase(accessToken)) {
 return unAuth(resp, "令牌已失效");
 }
diff --git a/doc/nacos/blade.yaml b/doc/nacos/blade.yaml
index 931cbff6..67b41408 100644
--- a/doc/nacos/blade.yaml
+++ b/doc/nacos/blade.yaml
@@ -83,6 +83,10 @@ blade:
 token:
 #是否有状态
 state: false
+ #是否单用户登录
+ single: false
+ #单用户登录范围
+ single-level: all
 #token签名
 #使用 blade-auth服务 @org.springblade.test.SignKeyGenerator 获取
 sign-key: 请配置32位签名
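Review bot: In the AuthFilter hunk, the lookup `JwtUtil.getAccessToken(tenantId, clientId, userId, token)` uses a key that now includes the client id, so entries written before this change (keyed without it) would presumably no longer be found. With `state` enabled, every token issued before deployment would then be answered with `令牌已失效`, and the old entries would linger in the store until they expire; that deserves a line in the commit message or upgrade notes. Separately, `token.equalsIgnoreCase(accessToken)` compares a case-sensitive JWT case-insensitively, and `token.equals(accessToken)` states the intended exact match. `JwtUtil` is not part of this diff, so the key layout is inferred from the argument lists.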