diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/token/DefaultTokenServices.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/token/DefaultTokenServices.java
index dd554113..cc47d1ac 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/token/DefaultTokenServices.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/token/DefaultTokenServices.java
@@ -147,7 +147,10 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
 			Apps app = appsService.get(clientId, true);
 			VisitedDto visited = new VisitedDto(app,principal.getSessionId());
 			visited.setToken(accessToken.getValue());
-			visited.setRefreshToken(accessToken.getRefreshToken().getValue());
+			//TODO: RefreshToken null 
+			if (refreshToken != null) {
+				visited.setRefreshToken(accessToken.getRefreshToken().getValue());
+			}
 			sessionManager.visited(principal.getSessionId(), visited);
 		}
 		return accessToken;