diff --git a/application/index/controller/Index.php b/application/index/controller/Index.php
index 2fbfbcf..8579ac6 100644
--- a/application/index/controller/Index.php
+++ b/application/index/controller/Index.php
@@ -196,7 +196,7 @@ class Index extends BasicApi
 }
 /**
- *刷新token
+ * 刷新token
 */
 public function refreshAccessToken()
 {
@@ -205,7 +205,10 @@ class Index extends BasicApi
 if (isError($data)) {
 $this->error('token过期,请重新登录', 401);
 }
- $this->success('', JwtService::getAccessToken(get_object_vars($data->data)));
+ $accessToken = JwtService::getAccessToken(get_object_vars($data->data));
+ $accessTokenExp = JwtService::decodeToken($accessToken)->exp;
+ $tokenList['accessTokenExp'] = $accessTokenExp;
+ $this->success('', ['accessToken' => $accessToken, 'accessTokenExp' => $accessTokenExp]);
 }
diff --git a/application/project/middleware/Auth.php b/application/project/middleware/Auth.php
index 648f13a..012c0fa 100644
--- a/application/project/middleware/Auth.php
+++ b/application/project/middleware/Auth.php
@@ -30,21 +30,22 @@ class Auth
 if ($currentOrganizationCode) {
 setCurrentOrganizationCode($currentOrganizationCode);
 }
- $authorization = $request->header('Authorization');
- $accessToken = '';
- if ($authorization) {
- $accessToken = explode(' ', $authorization)[1];
- }
- $data = JwtService::decodeToken($accessToken);
 // 登录状态检查
 if (!empty($access['is_login'])) {
+ $authorization = $request->header('Authorization');
+ $accessToken = '';
+ if ($authorization) {
+ $accessToken = explode(' ', $authorization)[1];
+ }
+ $data = JwtService::decodeToken($accessToken);
 $isError = isError($data);
 if ($isError) {
+ //TODO 启用refreshToken
 if ($data['errno'] == 3) {
- $msg = ['code' => 4010, 'msg' => 'accessToken过期'];
+ $msg = ['code' => 401, 'msg' => 'accessToken过期'];
 return json($msg);
 }
- $msg = ['code' => 401, 'msg' => 'token过期,请重新登录'];
+ $msg = ['code' => 402, 'msg' => 'token过期,请重新登录'];
 return json($msg);
 }
 setCurrentMember(get_object_vars($data->data));
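Review bot: In `Index::refreshAccessToken()` the added line `$tokenList['accessTokenExp'] = $accessTokenExp;` writes to a variable that is neither defined nor read in the visible lines, so it looks like a leftover and should be dropped. The `->exp` read on the line above it assumes `JwtService::decodeToken()` returned an object, yet the `Auth` middleware in this same commit indexes a failed result as an array (`$data['errno']`), so a failed decode here would surface as a PHP error instead of a clean API error. Check `isError()` on the decoded value before reading `exp`, the same way `$data` is checked a few lines earlier. The method body starts above the hunk, so how `$data` is obtained is not visible.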
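Review bot: In `Auth` the expired-access-token branch now returns code `401`, the same code `Index::refreshAccessToken()` uses in this commit for "log in again", while the re-login branch here moves to `402`. A client can no longer tell "refresh and retry" from "log in again" by code alone, and `402` conventionally means Payment Required. Keeping a distinct code for the expired case (the previous `4010`), or defining the codes once as named constants used by both files, would avoid that. Separately, the moved line `explode(' ', $authorization)[1]` reads index 1 without checking that the header has two parts or the expected scheme, so a malformed header raises an undefined-offset notice and hands `null` to `decodeToken()`; `$parts = explode(' ', $authorization, 2); $accessToken = $parts[1] ?? '';` keeps the value a string. The enclosing handler starts and ends outside the hunk.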
diff --git a/config/jwt.php b/config/jwt.php
index f0a6d6f..d805ee8 100644
--- a/config/jwt.php
+++ b/config/jwt.php
@@ -5,7 +5,7 @@ return [
 'key' => 'pearProject',
 'alg' => 'HS256',
 //access_token有效时间
- 'accessTokenExp' => 20,
+ 'accessTokenExp' => 3600,
 //refresh_token有效时间
 'refreshTokenExp' => 3600 * 24 * 7,
 //签发者 可选
diff --git a/extend/service/JwtService.php b/extend/service/JwtService.php
index 2749962..8c3b9cc 100644
--- a/extend/service/JwtService.php
+++ b/extend/service/JwtService.php
@@ -100,7 +100,7 @@ class JwtService
 public static function decodeToken($token)
 {
 $jwtConfig = config('jwt.');
- JWT::$leeway = 60;//当前时间减去60,把时间留点余地
+// JWT::$leeway = 60; //当前时间减去60,把时间留点余地
 try {
 $decoded = JWT::decode($token, $jwtConfig['key'], array($jwtConfig['alg']));//解密方式,这里要和签发的时候对应
 } catch (\Firebase\JWT\SignatureInvalidException $e) { //签名不正确
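Review bot: Raising `accessTokenExp` from 20 to 3600 seconds in `config/jwt.php` lengthens the time a leaked access token stays usable, and nothing in this diff shows a revocation check that could cut that short. The same file keeps the HS256 signing secret as the short literal `'key' => 'pearProject'` under version control, so the integrity of every token rests on a value that anyone with read access to the repository already has. Load the secret from outside the code base, e.g. `'key' => getenv('JWT_KEY'),` (the variable name is a placeholder), use a long random value, and rotate the current one.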
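Review bot: In `JwtService::decodeToken()` the leeway assignment is commented out at column 0 rather than removed, which leaves dead code and makes the effective value depend on whatever the static `JWT::$leeway` holds at call time. If exact expiry is the intent, state it in code: `JWT::$leeway = 0; // no clock-skew allowance: exp/nbf enforced exactly`. With zero leeway, tokens may be rejected when the issuing and verifying hosts' clocks differ, so this assumes they are time-synchronised. The try/catch chain continues past the end of the hunk.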