diff --git a/app/Auth/NexusWebGuard.php b/app/Auth/NexusWebGuard.php
index cbd399bc..9eaa940a 100644
--- a/app/Auth/NexusWebGuard.php
+++ b/app/Auth/NexusWebGuard.php
@@ -74,11 +74,17 @@ class NexusWebGuard implements StatefulGuard
             return false;
         }
         $user = $this->provider->retrieveById($id);
-        if ($user) {
+        if (!$user) {
+            return false;
+        }
+        try {
+            $user->checkIsNormal();
             $this->user = $user;
             return true;
+        } catch (\Throwable $e) {
+            do_log($e->getMessage());
+            return false;
         }
-        return false;
     }
 
     public function logout()
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index 223194b8..eabbc725 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -50,7 +50,8 @@ class Handler extends ExceptionHandler
             }
         });
         $this->renderable(function (PassportAuthenticationException $e) {
-            return response()->redirectTo(getSchemeAndHttpHost() . "/login.php");
+            $request = request();
+            return response()->redirectTo(sprintf("%s/login.php?returnto=%s", $request->getSchemeAndHttpHost(), urlencode($request->fullUrl())));
         });
 
         //Other Only handle in json request
diff --git a/app/Filament/PageListSingle.php b/app/Filament/PageListSingle.php
index d3d94488..ca77e367 100644
--- a/app/Filament/PageListSingle.php
+++ b/app/Filament/PageListSingle.php
@@ -16,10 +16,8 @@ class PageListSingle extends ManageRecords
         return Layout::AboveContent;
     }
 
-    protected function getTableRecordUrlUsing(): ?Closure
+    protected function getTableRecordActionUsing(): ?Closure
     {
-        return function (Model $record): ?string {
-            return null;
-        };
+        return null;
     }
 }
diff --git a/app/Filament/Resources/Oauth/AccessTokenResource.php b/app/Filament/Resources/Oauth/AccessTokenResource.php
new file mode 100644
index 00000000..a57d3877
--- /dev/null
+++ b/app/Filament/Resources/Oauth/AccessTokenResource.php
@@ -0,0 +1,76 @@
+<?php
+
+namespace App\Filament\Resources\Oauth;
+
+use App\Filament\Resources\Oauth\AccessTokenResource\Pages;
+use App\Filament\Resources\Oauth\AccessTokenResource\RelationManagers;
+use Laravel\Passport\Token;
+use Filament\Forms;
+use Filament\Resources\Form;
+use Filament\Resources\Resource;
+use Filament\Resources\Table;
+use Filament\Tables;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\SoftDeletingScope;
+
+class AccessTokenResource extends Resource
+{
+    protected static ?string $model = Token::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-collection';
+
+    protected static ?string $navigationGroup = 'Oauth';
+
+    protected static ?int $navigationSort = 3;
+
+    protected static function getNavigationLabel(): string
+    {
+        return __('admin.sidebar.oauth_access_token');
+    }
+
+    public static function getBreadcrumb(): string
+    {
+        return self::getNavigationLabel();
+    }
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->schema([
+                //
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('id')->searchable(),
+                Tables\Columns\TextColumn::make('user.username')
+                    ->label(__('label.username'))
+                    ->formatStateUsing(fn ($record) => username_for_admin($record->user_id)),
+                Tables\Columns\TextColumn::make('client.name')
+                    ->label(__('oauth.client')),
+                Tables\Columns\TextColumn::make('expires_at')
+                    ->label(__('label.expire_at'))
+
+            ])
+            ->filters([
+                //
+            ])
+            ->actions([
+//                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+                Tables\Actions\DeleteBulkAction::make(),
+            ]);
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ManageAccessTokens::route('/'),
+        ];
+    }
+}
diff --git a/app/Filament/Resources/Oauth/AccessTokenResource/Pages/ManageAccessTokens.php b/app/Filament/Resources/Oauth/AccessTokenResource/Pages/ManageAccessTokens.php
new file mode 100644
index 00000000..babbb721
--- /dev/null
+++ b/app/Filament/Resources/Oauth/AccessTokenResource/Pages/ManageAccessTokens.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Filament\Resources\Oauth\AccessTokenResource\Pages;
+
+use App\Filament\PageListSingle;
+use App\Filament\Resources\Oauth\AccessTokenResource;
+use Filament\Pages\Actions;
+use Filament\Resources\Pages\ManageRecords;
+
+class ManageAccessTokens extends PageListSingle
+{
+    protected static string $resource = AccessTokenResource::class;
+
+    protected function getActions(): array
+    {
+        return [
+//            Actions\CreateAction::make(),
+        ];
+    }
+}
diff --git a/app/Filament/Resources/Oauth/AuthCodeResource.php b/app/Filament/Resources/Oauth/AuthCodeResource.php
new file mode 100644
index 00000000..b99062e9
--- /dev/null
+++ b/app/Filament/Resources/Oauth/AuthCodeResource.php
@@ -0,0 +1,75 @@
+<?php
+
+namespace App\Filament\Resources\Oauth;
+
+use App\Filament\Resources\Oauth\AuthCodeResource\Pages;
+use App\Filament\Resources\Oauth\AuthCodeResource\RelationManagers;
+use Laravel\Passport\AuthCode;
+use Filament\Forms;
+use Filament\Resources\Form;
+use Filament\Resources\Resource;
+use Filament\Resources\Table;
+use Filament\Tables;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\SoftDeletingScope;
+
+class AuthCodeResource extends Resource
+{
+    protected static ?string $model = AuthCode::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-collection';
+
+    protected static ?string $navigationGroup = 'Oauth';
+
+    protected static ?int $navigationSort = 2;
+
+    protected static function getNavigationLabel(): string
+    {
+        return __('admin.sidebar.oauth_auth_code');
+    }
+
+    public static function getBreadcrumb(): string
+    {
+        return self::getNavigationLabel();
+    }
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->schema([
+                //
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('id'),
+                Tables\Columns\TextColumn::make('user.username')
+                    ->label(__('label.username'))
+                    ->formatStateUsing(fn ($record) => username_for_admin($record->user_id)),
+                Tables\Columns\TextColumn::make('client.name')
+                    ->label(__('oauth.client')),
+                Tables\Columns\TextColumn::make('expires_at')
+                    ->label(__('label.expire_at'))
+            ])
+            ->filters([
+                //
+            ])
+            ->actions([
+//                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+                Tables\Actions\DeleteBulkAction::make(),
+            ]);
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ManageAuthCodes::route('/'),
+        ];
+    }
+}
diff --git a/app/Filament/Resources/Oauth/AuthCodeResource/Pages/ManageAuthCodes.php b/app/Filament/Resources/Oauth/AuthCodeResource/Pages/ManageAuthCodes.php
new file mode 100644
index 00000000..72144eb4
--- /dev/null
+++ b/app/Filament/Resources/Oauth/AuthCodeResource/Pages/ManageAuthCodes.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Filament\Resources\Oauth\AuthCodeResource\Pages;
+
+use App\Filament\PageListSingle;
+use App\Filament\Resources\Oauth\AuthCodeResource;
+use Filament\Pages\Actions;
+use Filament\Resources\Pages\ManageRecords;
+
+class ManageAuthCodes extends PageListSingle
+{
+    protected static string $resource = AuthCodeResource::class;
+
+    protected function getActions(): array
+    {
+        return [
+//            Actions\CreateAction::make(),
+        ];
+    }
+}
diff --git a/app/Filament/Resources/Oauth/ClientResource.php b/app/Filament/Resources/Oauth/ClientResource.php
new file mode 100644
index 00000000..d9ae21ed
--- /dev/null
+++ b/app/Filament/Resources/Oauth/ClientResource.php
@@ -0,0 +1,75 @@
+<?php
+
+namespace App\Filament\Resources\Oauth;
+
+use App\Filament\PageListSingle;
+use App\Filament\Resources\Oauth\ClientResource\Pages;
+use App\Filament\Resources\Oauth\ClientResource\RelationManagers;
+use Laravel\Passport\Client;
+use Filament\Forms;
+use Filament\Resources\Form;
+use Filament\Resources\Resource;
+use Filament\Resources\Table;
+use Filament\Tables;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\SoftDeletingScope;
+
+class ClientResource extends Resource
+{
+    protected static ?string $model = Client::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-collection';
+
+    protected static ?string $navigationGroup = 'Oauth';
+
+    protected static ?int $navigationSort = 1;
+
+    protected static function getNavigationLabel(): string
+    {
+        return __('admin.sidebar.oauth_client');
+    }
+
+    public static function getBreadcrumb(): string
+    {
+        return self::getNavigationLabel();
+    }
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->schema([
+                Forms\Components\TextInput::make('name')->label(__('label.name')),
+                Forms\Components\TextInput::make('redirect')->label(__('oauth.redirect')),
+
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('id'),
+                Tables\Columns\TextColumn::make('name')->label(__('label.name')),
+                Tables\Columns\TextColumn::make('secret')->label(__('oauth.secret')),
+                Tables\Columns\TextColumn::make('redirect')->label(__('oauth.redirect')),
+
+            ])
+            ->filters([
+                //
+            ])
+            ->actions([
+                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+                Tables\Actions\DeleteBulkAction::make(),
+            ]);
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ManageClients::route('/'),
+        ];
+    }
+}
diff --git a/app/Filament/Resources/Oauth/ClientResource/Pages/ManageClients.php b/app/Filament/Resources/Oauth/ClientResource/Pages/ManageClients.php
new file mode 100644
index 00000000..97083f5f
--- /dev/null
+++ b/app/Filament/Resources/Oauth/ClientResource/Pages/ManageClients.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Filament\Resources\Oauth\ClientResource\Pages;
+
+use App\Filament\PageListSingle;
+use App\Filament\Resources\Oauth\ClientResource;
+use Filament\Pages\Actions;
+use Filament\Resources\Pages\ManageRecords;
+
+class ManageClients extends PageListSingle
+{
+    protected static string $resource = ClientResource::class;
+
+    protected function getActions(): array
+    {
+        return [
+            Actions\CreateAction::make(),
+        ];
+    }
+}
diff --git a/app/Filament/Resources/Oauth/RefreshTokenResource.php b/app/Filament/Resources/Oauth/RefreshTokenResource.php
new file mode 100644
index 00000000..28051f36
--- /dev/null
+++ b/app/Filament/Resources/Oauth/RefreshTokenResource.php
@@ -0,0 +1,77 @@
+<?php
+
+namespace App\Filament\Resources\Oauth;
+
+use App\Filament\Resources\Oauth\RefreshTokenResource\Pages;
+use App\Filament\Resources\Oauth\RefreshTokenResource\RelationManagers;
+use Laravel\Passport\RefreshToken;
+use Filament\Forms;
+use Filament\Resources\Form;
+use Filament\Resources\Resource;
+use Filament\Resources\Table;
+use Filament\Tables;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\SoftDeletingScope;
+
+class RefreshTokenResource extends Resource
+{
+    protected static ?string $model = RefreshToken::class;
+
+    protected static ?string $navigationIcon = 'heroicon-o-collection';
+
+    protected static ?string $navigationGroup = 'Oauth';
+
+    protected static ?int $navigationSort = 4;
+
+    protected static function getNavigationLabel(): string
+    {
+        return __('admin.sidebar.oauth_refresh_token');
+    }
+
+    public static function getBreadcrumb(): string
+    {
+        return self::getNavigationLabel();
+    }
+
+    public static function form(Form $form): Form
+    {
+        return $form
+            ->schema([
+                //
+            ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                Tables\Columns\TextColumn::make('id')
+                    ->label(__('oauth.refresh_token'))
+                    ->searchable()
+                ,
+                Tables\Columns\TextColumn::make('access_token_id')
+                    ->label(__('oauth.access_token'))
+                    ->searchable()
+                ,
+                Tables\Columns\TextColumn::make('expires_at')
+                    ->label(__('label.expire_at'))
+            ])
+            ->filters([
+                //
+            ])
+            ->actions([
+//                Tables\Actions\EditAction::make(),
+                Tables\Actions\DeleteAction::make(),
+            ])
+            ->bulkActions([
+                Tables\Actions\DeleteBulkAction::make(),
+            ]);
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => Pages\ManageRefreshTokens::route('/'),
+        ];
+    }
+}
diff --git a/app/Filament/Resources/Oauth/RefreshTokenResource/Pages/ManageRefreshTokens.php b/app/Filament/Resources/Oauth/RefreshTokenResource/Pages/ManageRefreshTokens.php
new file mode 100644
index 00000000..22bde447
--- /dev/null
+++ b/app/Filament/Resources/Oauth/RefreshTokenResource/Pages/ManageRefreshTokens.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Filament\Resources\Oauth\RefreshTokenResource\Pages;
+
+use App\Filament\PageListSingle;
+use App\Filament\Resources\Oauth\RefreshTokenResource;
+use Filament\Pages\Actions;
+use Filament\Resources\Pages\ManageRecords;
+
+class ManageRefreshTokens extends PageListSingle
+{
+    protected static string $resource = RefreshTokenResource::class;
+
+    protected function getActions(): array
+    {
+        return [
+//            Actions\CreateAction::make(),
+        ];
+    }
+}
diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
index 406f179b..c1d28fc2 100644
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
@@ -15,7 +15,7 @@ class Authenticate extends Middleware
     protected function redirectTo($request)
     {
         if (! $request->expectsJson()) {
-            return getBaseUrl() . '/login.php';
+            return sprintf("%s/login.php?returnto=%s", $request->getSchemeAndHttpHost(), urlencode($request->fullUrl()));
         }
     }
 }
diff --git a/app/Http/Middleware/NexusAuth.php b/app/Http/Middleware/NexusAuth.php
index 9f68d9fb..a6e9a6cd 100644
--- a/app/Http/Middleware/NexusAuth.php
+++ b/app/Http/Middleware/NexusAuth.php
@@ -15,7 +15,7 @@ class NexusAuth extends Middleware
     protected function redirectTo($request)
     {
         if (! $request->expectsJson()) {
-            return getBaseUrl() . '/login.php';
+            return sprintf("%s/login.php?returnto=%s", $request->getSchemeAndHttpHost(), urlencode($request->fullUrl()));
         }
     }
 }
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 2f164263..08035ded 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -42,6 +42,7 @@ class AppServiceProvider extends ServiceProvider
                 'Role & Permission',
                 'Other',
                 'Section',
+                'Oauth',
                 'System',
             ]);
         });
diff --git a/include/cleanup.php b/include/cleanup.php
index 8e741733..febdfd75 100644
--- a/include/cleanup.php
+++ b/include/cleanup.php
@@ -1106,6 +1106,27 @@ function docleanup($forceAll = 0, $printProgress = false) {
 //        printProgress($log);
 //    }
 
+    sql_query("delete from oauth_auth_codes where expires_at <= '$nowStr'");
+    $log = "delete oauth auth code expired";
+    do_log($log);
+    if ($printProgress) {
+        printProgress($log);
+    }
+
+    sql_query("delete from oauth_access_tokens where expires_at <= '$nowStr'");
+    $log = "delete oauth access token expired";
+    do_log($log);
+    if ($printProgress) {
+        printProgress($log);
+    }
+
+    sql_query("delete from oauth_refresh_tokens where expires_at <= '$nowStr'");
+    $log = "delete oauth refresh token expired";
+    do_log($log);
+    if ($printProgress) {
+        printProgress($log);
+    }
+
 	$log = 'Full cleanup is done';
 	do_log($log);
     if ($printProgress) {
diff --git a/include/constants.php b/include/constants.php
index baf2e349..0b42d65e 100644
--- a/include/constants.php
+++ b/include/constants.php
@@ -1,6 +1,6 @@
 <?php
 defined('VERSION_NUMBER') || define('VERSION_NUMBER', '1.8.9');
-defined('RELEASE_DATE') || define('RELEASE_DATE', '2024-03-08');
+defined('RELEASE_DATE') || define('RELEASE_DATE', '2024-03-11');
 defined('IN_TRACKER') || define('IN_TRACKER', false);
 defined('PROJECTNAME') || define("PROJECTNAME","NexusPHP");
 defined('NEXUSPHPURL') || define("NEXUSPHPURL","https://nexusphp.org");
diff --git a/resources/lang/en/admin.php b/resources/lang/en/admin.php
index ab8633dc..02c0d5e0 100644
--- a/resources/lang/en/admin.php
+++ b/resources/lang/en/admin.php
@@ -38,6 +38,10 @@ return [
         'bonus_log' => 'Bonus logs',
         'torrent_buy_log' => 'Torrent buy logs',
         'attendance_log' => 'Attendance logs',
+        'oauth_client' => 'Client',
+        'oauth_access_token' => 'Access tokens',
+        'oauth_auth_code' => 'Auth codes',
+        'oauth_refresh_token' => 'Refresh tokens',
     ],
     'resources' => [
         'agent_allow' => [
diff --git a/resources/lang/en/oauth.php b/resources/lang/en/oauth.php
new file mode 100644
index 00000000..3e722458
--- /dev/null
+++ b/resources/lang/en/oauth.php
@@ -0,0 +1,9 @@
+<?php
+return [
+    'client' => 'Client',
+    'redirect' => 'Redirect URL',
+    'secret' => 'Secret',
+    'revoked' => 'Valid',
+    'access_token' => 'Access token',
+    'refresh_token' => 'Refresh token',
+];
diff --git a/resources/lang/zh_CN/admin.php b/resources/lang/zh_CN/admin.php
index 2389c818..7d4f9b83 100644
--- a/resources/lang/zh_CN/admin.php
+++ b/resources/lang/zh_CN/admin.php
@@ -36,6 +36,10 @@ return [
         'bonus_log' => '魔力记录',
         'torrent_buy_log' => '种子购买',
         'attendance_log' => '签到记录',
+        'oauth_client' => '客户端',
+        'oauth_access_token' => '访问令牌',
+        'oauth_auth_code' => '授权码',
+        'oauth_refresh_token' => '刷新令牌',
     ],
     'resources' => [
         'agent_allow' => [
diff --git a/resources/lang/zh_CN/oauth.php b/resources/lang/zh_CN/oauth.php
new file mode 100644
index 00000000..810b3f27
--- /dev/null
+++ b/resources/lang/zh_CN/oauth.php
@@ -0,0 +1,9 @@
+<?php
+return [
+    'client' => '客户端',
+    'redirect' => '回调地址',
+    'secret' => '密钥',
+    'revoked' => '有效',
+    'access_token' => '访问令牌',
+    'refresh_token' => '刷新令牌',
+];
diff --git a/resources/lang/zh_TW/admin.php b/resources/lang/zh_TW/admin.php
index 18b7d534..3d67d0cb 100644
--- a/resources/lang/zh_TW/admin.php
+++ b/resources/lang/zh_TW/admin.php
@@ -38,6 +38,10 @@ return [
         'bonus_log' => '魔力記錄',
         'torrent_buy_log' => '種子購買',
         'attendance_log' => '簽到記錄',
+        'oauth_client' => '客戶端',
+        'oauth_access_token' => '訪問令牌',
+        'oauth_auth_code' => '授權碼',
+        'oauth_refresh_token' => '刷新令牌',
     ],
     'resources' => [
         'agent_allow' => [
diff --git a/resources/lang/zh_TW/oauth.php b/resources/lang/zh_TW/oauth.php
new file mode 100644
index 00000000..38e424a8
--- /dev/null
+++ b/resources/lang/zh_TW/oauth.php
@@ -0,0 +1,9 @@
+<?php
+return [
+    'client' => '客戶端',
+    'redirect' => '回調地址',
+    'secret' => '密鑰',
+    'revoked' => '有效',
+    'access_token' => '訪問令牌',
+    'refresh_token' => '刷新令牌',
+];