diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/TokenProvider.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/TokenProvider.java
index 3918568d..e13491bc 100644
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/security/TokenProvider.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/security/TokenProvider.java
@@ -18,7 +18,6 @@ package me.zhengjie.modules.security.security;
 import cn.hutool.core.date.DateField;
 import cn.hutool.core.date.DateUtil;
 import cn.hutool.core.util.IdUtil;
-import cn.hutool.core.util.ObjectUtil;
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
@@ -28,19 +27,12 @@ import me.zhengjie.utils.RedisUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
-
 import javax.servlet.http.HttpServletRequest;
 import java.security.Key;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
+import java.util.*;
 import java.util.concurrent.TimeUnit;
-import java.util.stream.Collectors;
 
 /**
  * @author /
@@ -79,17 +71,9 @@ public class TokenProvider implements InitializingBean {
      * @return /
      */
     public String createToken(Authentication authentication) {
-        /*
-         * 获取权限列表
-         */
-        String authorities = authentication.getAuthorities().stream()
-                .map(GrantedAuthority::getAuthority)
-                .collect(Collectors.joining(","));
-
         return jwtBuilder
                 // 加入ID确保生成的 Token 都不一致
                 .setId(IdUtil.simpleUUID())
-                .claim(AUTHORITIES_KEY, authorities)
                 .setSubject(authentication.getName())
                 .compact();
     }
@@ -102,16 +86,8 @@ public class TokenProvider implements InitializingBean {
      */
     Authentication getAuthentication(String token) {
         Claims claims = getClaims(token);
-
-        // fix bug: 当前用户如果没有任何权限时，在输入用户名后，刷新验证码会抛IllegalArgumentException
-        Object authoritiesStr = claims.get(AUTHORITIES_KEY);
-        Collection<? extends GrantedAuthority> authorities =
-                ObjectUtil.isNotEmpty(authoritiesStr) ?
-                        Arrays.stream(authoritiesStr.toString().split(","))
-                                .map(SimpleGrantedAuthority::new)
-                                .collect(Collectors.toList()) : Collections.emptyList();
-        User principal = new User(claims.getSubject(), "******", authorities);
-        return new UsernamePasswordAuthenticationToken(principal, token, authorities);
+        User principal = new User(claims.getSubject(), "******", new ArrayList<>());
+        return new UsernamePasswordAuthenticationToken(principal, token, new ArrayList<>());
     }
 
     public Claims getClaims(String token) {