diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index ce245cf..63d6845 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -47,11 +47,27 @@ private function setJWTGuard(): void
 try {
 $decoded = JWT::decode($jwt, $keys, $headers);
- $request->attributes->add(['token_type' => $headers->typ]);
+ // $request->attributes->add(['token_type' => $headers->typ]);
 } catch (Exception $e) {
 return response()->json(['error' => 'Invalid token, '.$e->getMessage()], 401);
 }
+ // must id_token
+ if ($headers->typ !== 'id_token') {
+ return response()->json(['error' => 'The token not id_token'], 401);
+ }
+
+ // 检查是否有 字段
+ $required_fields = [
+ 'name', 'sub',
+ ];
+
+ foreach ($required_fields as $field) {
+ if (! isset($decoded->$field)) {
+ return response()->json(['error' => 'The token not contain the field '.$field], 401);
+ }
+ }
+
 if (config('oauth.force_aud')) {
 if (! in_array($decoded->aud, config('oauth.trusted_aud'))) {
 return response()->json(['error' => 'The application rejected the token, token aud is '.$decoded->aud.', app aud is '.config('oauth.client_id')], 401);
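Review bot: The new `$headers->typ` comparison sits outside the try/catch with no existence check, so a validly signed token whose header simply omits `typ` triggers an undefined-property warning instead of the intended 401; in a Laravel app such warnings are typically promoted to an ErrorException and surface as a 500. Read it with a null-coalesce, `if (($headers->typ ?? null) !== 'id_token') {`, so a missing header is rejected exactly like a wrong one. The required-claim loop is a sound addition, but `$decoded->aud` is read unguarded a few lines later when `oauth.force_aud` is enabled, so consider adding `'aud'` to `$required_fields` (or checking `isset($decoded->aud)` inside that branch) so a token without it is also refused with 401 rather than erroring. The commented-out `attributes->add` line should be deleted rather than kept as dead code, the Chinese comment would be clearer as `// Reject tokens that lack the claims the application relies on.`, and the error strings read better as `'Token is not an id_token'` and `'Token is missing required claim '.$field`. The enclosing setJWTGuard method begins before this hunk and the `force_aud` block closes after it.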