diff --git a/bootstrap/app.php b/bootstrap/app.php
index 7b162da..6b55c10 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -1,5 +1,6 @@
 <?php
 
+use App\Http\Middleware\JWTMiddleware;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
@@ -7,11 +8,14 @@
 return Application::configure(basePath: dirname(__DIR__))
     ->withRouting(
         web: __DIR__.'/../routes/web.php',
+        api: __DIR__.'/../routes/api.php',
         commands: __DIR__.'/../routes/console.php',
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware) {
-        //
+        //        $middleware->alias([
+        //            'jwt' => JWTMiddleware::class
+        //        ]);
     })
     ->withExceptions(function (Exceptions $exceptions) {
         //
diff --git a/config/auth.php b/config/auth.php
index 0ba5d5d..c8936a3 100644
--- a/config/auth.php
+++ b/config/auth.php
@@ -40,6 +40,10 @@
             'driver' => 'session',
             'provider' => 'users',
         ],
+        'api' => [
+            'driver' => 'jwt',
+            //            'provider' => 'users',
+        ],
     ],
 
     /*
diff --git a/config/oauth.php b/config/oauth.php
index a94d919..e709f8b 100644
--- a/config/oauth.php
+++ b/config/oauth.php
@@ -4,4 +4,13 @@
     'client_id' => env('OAUTH_CLIENT_ID'),
     'client_secret' => env('OAUTH_CLIENT_SECRET'),
     'discovery' => env('OAUTH_DISCOVERY_URL'),
+
+    // 如果启用，将拒绝不匹配的 aud
+    'force_aud' => false,
+
+    // 信任 aud。默认为空，如果你允许其他应用调用 api，你可以填写。
+    'trusted_aud' => [
+        //        1,2,3
+        11,
+    ],
 ];