diff --git a/common/mall-spring-boot-starter-swagger/pom.xml b/common/mall-spring-boot-starter-swagger/pom.xml
deleted file mode 100644
index ef018146..00000000
--- a/common/mall-spring-boot-starter-swagger/pom.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <parent>
-        <artifactId>common</artifactId>
-        <groupId>cn.iocoder.mall</groupId>
-        <version>1.0-SNAPSHOT</version>
-    </parent>
-    <modelVersion>4.0.0</modelVersion>
-
-    <artifactId>mall-spring-boot-starter-swagger</artifactId>
-
-    <dependencies>
-        <!-- Spring 核心 -->
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-configuration-processor</artifactId>
-            <optional>true</optional>
-        </dependency>
-
-        <!-- Web 相关 -->
-        <dependency>
-            <groupId>com.github.xiaoymin</groupId>
-            <artifactId>knife4j-spring-boot-starter</artifactId>
-        </dependency>
-    </dependencies>
-
-</project>
diff --git a/common/mall-spring-boot-starter-swagger/src/main/java/cn/iocoder/mall/swagger/config/SwaggerAutoConfiguration.java b/common/mall-spring-boot-starter-swagger/src/main/java/cn/iocoder/mall/swagger/config/SwaggerAutoConfiguration.java
deleted file mode 100644
index fc7c887a..00000000
--- a/common/mall-spring-boot-starter-swagger/src/main/java/cn/iocoder/mall/swagger/config/SwaggerAutoConfiguration.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package cn.iocoder.mall.swagger.config;
-
-import com.github.xiaoymin.knife4j.spring.annotations.EnableKnife4j;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import springfox.documentation.builders.ApiInfoBuilder;
-import springfox.documentation.builders.PathSelectors;
-import springfox.documentation.builders.RequestHandlerSelectors;
-import springfox.documentation.service.ApiInfo;
-import springfox.documentation.spi.DocumentationType;
-import springfox.documentation.spring.web.plugins.Docket;
-import springfox.documentation.swagger2.annotations.EnableSwagger2;
-
-/**
- * 简单的 Swagger2 自动配置类
- *
- * 较为完善的，可以了解 https://mvnrepository.com/artifact/com.spring4all/spring-boot-starter-swagger
- */
-@Configuration
-@EnableSwagger2
-@EnableKnife4j
-@ConditionalOnClass({Docket.class, ApiInfoBuilder.class})
-@ConditionalOnProperty(prefix = "swagger", value = "enable", matchIfMissing = true) // 允许使用 swagger.enable=false 禁用 Swagger
-@EnableConfigurationProperties(SwaggerProperties.class)
-public class SwaggerAutoConfiguration {
-
-    @Bean
-    @ConditionalOnMissingBean
-    public SwaggerProperties swaggerProperties() {
-        return new SwaggerProperties();
-    }
-
-    @Bean
-    public Docket createRestApi() {
-        SwaggerProperties properties = swaggerProperties();
-        // 创建 Docket 对象
-        return new Docket(DocumentationType.SWAGGER_2)
-                .apiInfo(apiInfo(properties))
-                .select()
-                .apis(RequestHandlerSelectors.basePackage(properties.getBasePackage()))
-                .paths(PathSelectors.any())
-                .build();
-    }
-
-    private ApiInfo apiInfo(SwaggerProperties properties) {
-        return new ApiInfoBuilder()
-                .title(properties.getTitle())
-                .description(properties.getDescription())
-                .version(properties.getVersion())
-                .build();
-    }
-
-}
diff --git a/common/mall-spring-boot-starter-swagger/src/main/java/cn/iocoder/mall/swagger/config/SwaggerProperties.java b/common/mall-spring-boot-starter-swagger/src/main/java/cn/iocoder/mall/swagger/config/SwaggerProperties.java
deleted file mode 100644
index 3c7c5739..00000000
--- a/common/mall-spring-boot-starter-swagger/src/main/java/cn/iocoder/mall/swagger/config/SwaggerProperties.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package cn.iocoder.mall.swagger.config;
-
-import org.springframework.boot.context.properties.ConfigurationProperties;
-
-@ConfigurationProperties("swagger")
-public class SwaggerProperties {
-
-    private String title;
-    private String description;
-    private String version;
-    private String basePackage;
-
-    public String getTitle() {
-        return title;
-    }
-
-    public SwaggerProperties setTitle(String title) {
-        this.title = title;
-        return this;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public SwaggerProperties setDescription(String description) {
-        this.description = description;
-        return this;
-    }
-
-    public String getVersion() {
-        return version;
-    }
-
-    public SwaggerProperties setVersion(String version) {
-        this.version = version;
-        return this;
-    }
-
-    public String getBasePackage() {
-        return basePackage;
-    }
-
-    public SwaggerProperties setBasePackage(String basePackage) {
-        this.basePackage = basePackage;
-        return this;
-    }
-}
diff --git a/common/mall-spring-boot-starter-swagger/src/main/java/cn/iocoder/mall/swagger/package-info.java b/common/mall-spring-boot-starter-swagger/src/main/java/cn/iocoder/mall/swagger/package-info.java
deleted file mode 100644
index e30eadec..00000000
--- a/common/mall-spring-boot-starter-swagger/src/main/java/cn/iocoder/mall/swagger/package-info.java
+++ /dev/null
@@ -1,4 +0,0 @@
-/**
- * 无情的占位类
- */
-package cn.iocoder.mall.swagger;
diff --git a/common/mall-spring-boot-starter-swagger/src/main/resources/META-INF/spring.factories b/common/mall-spring-boot-starter-swagger/src/main/resources/META-INF/spring.factories
deleted file mode 100644
index 28fc2dc2..00000000
--- a/common/mall-spring-boot-starter-swagger/src/main/resources/META-INF/spring.factories
+++ /dev/null
@@ -1,2 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-  cn.iocoder.mall.swagger.config.SwaggerAutoConfiguration
diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java
index e61bdfc6..e9045c76 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java
@@ -8,7 +8,7 @@ import cn.iocoder.yudao.framework.security.core.handler.AuthenticationEntryPoint
 import cn.iocoder.yudao.framework.security.core.service.SecurityFrameworkService;
 import cn.iocoder.yudao.framework.security.core.service.SecurityFrameworkServiceImpl;
 import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
-import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi;
+import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import cn.iocoder.yudao.module.system.api.permission.PermissionApi;
 import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
index e5932400..11b82a12 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
@@ -10,8 +10,8 @@ import cn.iocoder.yudao.framework.security.core.LoginUser;
 import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
 import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
 import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
-import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi;
-import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCheckRespDTO;
+import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -69,7 +69,10 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 
     private LoginUser buildLoginUserByToken(String token, Integer userType) {
         try {
-            OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(token);
+            // 校验访问令牌
+            CommonResult<OAuth2AccessTokenCheckRespDTO> accessTokenResult = oauth2TokenApi.checkAccessToken(token);
+            accessTokenResult.checkError();
+            OAuth2AccessTokenCheckRespDTO accessToken = accessTokenResult.getData();
             if (accessToken == null) {
                 return null;
             }
diff --git a/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/swagger/config/YudaoSwaggerAutoConfiguration.java b/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/swagger/config/YudaoSwaggerAutoConfiguration.java
index 514ed738..8b0815b7 100644
--- a/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/swagger/config/YudaoSwaggerAutoConfiguration.java
+++ b/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/swagger/config/YudaoSwaggerAutoConfiguration.java
@@ -22,6 +22,8 @@ import springfox.documentation.swagger2.annotations.EnableSwagger2;
 import java.util.Collections;
 import java.util.List;
 
+import static springfox.documentation.builders.RequestHandlerSelectors.basePackage;
+
 /**
  * Swagger2 自动配置类
  *
@@ -56,7 +58,7 @@ public class YudaoSwaggerAutoConfiguration {
                 .apiInfo(apiInfo(properties))
                 // 设置扫描指定 package 包下的
                 .select()
-//                .apis(basePackage(properties.getBasePackage()))
+                .apis(basePackage(properties.getBasePackage()))
 //                .apis(basePackage("cn.iocoder.yudao.module.system")) // 可用于 swagger 无法展示时使用
                 .paths(PathSelectors.any())
                 .build()
diff --git a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/GatewayServerApplication.java b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/GatewayServerApplication.java
index ff4b97f0..5ad84475 100644
--- a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/GatewayServerApplication.java
+++ b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/GatewayServerApplication.java
@@ -1,6 +1,6 @@
 package cn.iocoder.yudao.gateway;
 
-import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi;
+import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.openfeign.EnableFeignClients;
diff --git a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/TokenAuthenticationFilter.java b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/TokenAuthenticationFilter.java
index 3b964231..7113b88d 100644
--- a/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/TokenAuthenticationFilter.java
+++ b/yudao-gateway/src/main/java/cn/iocoder/yudao/gateway/filter/TokenAuthenticationFilter.java
@@ -1,7 +1,6 @@
 package cn.iocoder.yudao.gateway.filter;
 
-import cn.iocoder.yudao.module.system.api.auth.OAuth2TokenApi;
-import org.springframework.beans.factory.annotation.Autowired;
+import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.core.Ordered;
diff --git a/yudao-module-system/yudao-module-system-api/pom.xml b/yudao-module-system/yudao-module-system-api/pom.xml
index 1c1215f0..f125b277 100644
--- a/yudao-module-system/yudao-module-system-api/pom.xml
+++ b/yudao-module-system/yudao-module-system-api/pom.xml
@@ -22,6 +22,13 @@
             <artifactId>yudao-common</artifactId>
         </dependency>
 
+        <!-- Web 相关 -->
+        <dependency>
+            <groupId>io.swagger</groupId>
+            <artifactId>swagger-annotations</artifactId>
+            <optional>true</optional>
+        </dependency>
+
         <!-- 参数校验 -->
         <dependency>
             <groupId>org.springframework.boot</groupId>
diff --git a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApi.java b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApi.java
deleted file mode 100644
index a769a431..00000000
--- a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApi.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package cn.iocoder.yudao.module.system.api.auth;
-
-import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCheckRespDTO;
-import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCreateReqDTO;
-import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenRespDTO;
-import org.springframework.cloud.openfeign.FeignClient;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-
-import javax.validation.Valid;
-
-/**
- * OAuth2.0 Token API 接口
- *
- * @author 芋道源码
- */
-@FeignClient(name = "system-server") // TODO 芋艿：fallbackFactory =
-public interface OAuth2TokenApi {
-
-    /**
-     * 创建访问令牌
-     *
-     * @param reqDTO 访问令牌的创建信息
-     * @return 访问令牌的信息
-     */
-    @GetMapping("/tmp")
-    OAuth2AccessTokenRespDTO createAccessToken(@Valid OAuth2AccessTokenCreateReqDTO reqDTO);
-
-    /**
-     * 校验访问令牌
-     *
-     * @param accessToken 访问令牌
-     * @return 访问令牌的信息
-     */
-    @GetMapping("/app-api/check")
-    OAuth2AccessTokenCheckRespDTO checkAccessToken(@RequestParam("accessToken") String accessToken);
-
-    /**
-     * 移除访问令牌
-     *
-     * @param accessToken 访问令牌
-     * @return 访问令牌的信息
-     */
-    @GetMapping("/tmp2")
-    OAuth2AccessTokenRespDTO removeAccessToken(String accessToken);
-
-    /**
-     * 刷新访问令牌
-     *
-     * @param refreshToken 刷新令牌
-     * @param clientId 客户端编号
-     * @return 访问令牌的信息
-     */
-    @GetMapping("/tmp3")
-    OAuth2AccessTokenRespDTO refreshAccessToken(@RequestParam("refreshToken") String refreshToken,
-                                                @RequestParam("clientId") String clientId);
-
-}
diff --git a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/dto/OAuth2AccessTokenCheckRespDTO.java b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/dto/OAuth2AccessTokenCheckRespDTO.java
deleted file mode 100644
index 5b708ff6..00000000
--- a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/dto/OAuth2AccessTokenCheckRespDTO.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package cn.iocoder.yudao.module.system.api.auth.dto;
-
-import lombok.Data;
-
-import java.io.Serializable;
-import java.util.List;
-
-/**
- * OAuth2.0 访问令牌的校验 Response DTO
- *
- * @author 芋道源码
- */
-@Data
-public class OAuth2AccessTokenCheckRespDTO implements Serializable {
-
-    /**
-     * 用户编号
-     */
-    private Long userId;
-    /**
-     * 用户类型
-     */
-    private Integer userType;
-    /**
-     * 租户编号
-     */
-    private Long tenantId;
-    /**
-     * 授权范围的数组
-     */
-    private List<String> scopes;
-
-}
diff --git a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/dto/OAuth2AccessTokenRespDTO.java b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/dto/OAuth2AccessTokenRespDTO.java
deleted file mode 100644
index 76895559..00000000
--- a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/dto/OAuth2AccessTokenRespDTO.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package cn.iocoder.yudao.module.system.api.auth.dto;
-
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-import java.io.Serializable;
-import java.util.Date;
-
-/**
- * OAuth2.0 访问令牌的信息 Response DTO
- *
- * @author 芋道源码
- */
-@Data
-@Accessors(chain = true)
-public class OAuth2AccessTokenRespDTO implements Serializable {
-
-    /**
-     * 访问令牌
-     */
-    private String accessToken;
-    /**
-     * 刷新令牌
-     */
-    private String refreshToken;
-    /**
-     * 用户编号
-     */
-    private Long userId;
-    /**
-     * 用户类型
-     */
-    private Integer userType;
-    /**
-     * 过期时间
-     */
-    private Date expiresTime;
-
-}
diff --git a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/OAuth2TokenApi.java b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/OAuth2TokenApi.java
new file mode 100644
index 00000000..2763441f
--- /dev/null
+++ b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/OAuth2TokenApi.java
@@ -0,0 +1,46 @@
+package cn.iocoder.yudao.module.system.api.oauth2;
+
+import cn.iocoder.yudao.framework.common.pojo.CommonResult;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCreateReqDTO;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenRespDTO;
+import cn.iocoder.yudao.module.system.enums.ApiConstants;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+
+@FeignClient(name = "system-server") // TODO 芋艿：fallbackFactory =
+@Api(tags = "RPC 服务 - OAuth2.0 令牌")
+public interface OAuth2TokenApi {
+
+    String API_PREFIX = ApiConstants.API_PREFIX + "/oauth2/token";
+
+    @PostMapping(API_PREFIX + "/create")
+    @ApiOperation("创建访问令牌")
+    CommonResult<OAuth2AccessTokenRespDTO> createAccessToken(@Valid @RequestBody OAuth2AccessTokenCreateReqDTO reqDTO);
+
+    @GetMapping(API_PREFIX + "/check")
+    @ApiOperation("校验访问令牌")
+    @ApiImplicitParam(name = "accessToken", value = "访问令牌", required = true, example = "tudou")
+    CommonResult<OAuth2AccessTokenCheckRespDTO> checkAccessToken(@RequestParam("accessToken") String accessToken);
+
+    @DeleteMapping(API_PREFIX + "/remove")
+    @ApiOperation("移除访问令牌")
+    @ApiImplicitParam(name = "accessToken", value = "访问令牌", required = true, example = "tudou")
+    CommonResult<OAuth2AccessTokenRespDTO> removeAccessToken(@RequestParam("accessToken") String accessToken);
+
+    @PutMapping(API_PREFIX + "/refresh")
+    @ApiOperation("刷新访问令牌")
+    @ApiImplicitParams({
+        @ApiImplicitParam(name = "refreshToken", value = "刷新令牌", required = true, example = "haha"),
+        @ApiImplicitParam(name = "clientId", value = "客户端编号", required = true, example = "yudaoyuanma")
+    })
+    CommonResult<OAuth2AccessTokenRespDTO> refreshAccessToken(@RequestParam("refreshToken") String refreshToken,
+                                                              @RequestParam("clientId") String clientId);
+
+}
diff --git a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/dto/OAuth2AccessTokenCheckRespDTO.java b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/dto/OAuth2AccessTokenCheckRespDTO.java
new file mode 100644
index 00000000..4cb3f860
--- /dev/null
+++ b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/dto/OAuth2AccessTokenCheckRespDTO.java
@@ -0,0 +1,26 @@
+package cn.iocoder.yudao.module.system.api.oauth2.dto;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.List;
+
+@ApiModel("RPC 服务 - OAuth2.0 访问令牌的校验 Response DTO")
+@Data
+public class OAuth2AccessTokenCheckRespDTO implements Serializable {
+
+    @ApiModelProperty(value = "用户编号", required = true, example = "10")
+    private Long userId;
+
+    @ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 UserTypeEnum 枚举")
+    private Integer userType;
+
+    @ApiModelProperty(value = "租户编号", required = true, example = "1024")
+    private Long tenantId;
+
+    @ApiModelProperty(value = "授权范围的数组", example = "user_info")
+    private List<String> scopes;
+
+}
diff --git a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/dto/OAuth2AccessTokenCreateReqDTO.java b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/dto/OAuth2AccessTokenCreateReqDTO.java
similarity index 53%
rename from yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/dto/OAuth2AccessTokenCreateReqDTO.java
rename to yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/dto/OAuth2AccessTokenCreateReqDTO.java
index 1d9b793d..2fde8a27 100644
--- a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/auth/dto/OAuth2AccessTokenCreateReqDTO.java
+++ b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/dto/OAuth2AccessTokenCreateReqDTO.java
@@ -1,40 +1,33 @@
-package cn.iocoder.yudao.module.system.api.auth.dto;
+package cn.iocoder.yudao.module.system.api.oauth2.dto;
 
 import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
 import cn.iocoder.yudao.framework.common.validation.InEnum;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 
 import javax.validation.constraints.NotNull;
 import java.io.Serializable;
 import java.util.List;
 
-/**
- * OAuth2.0 访问令牌创建 Request DTO
- *
- * @author 芋道源码
- */
+@ApiModel("RPC 服务 - OAuth2.0 访问令牌创建 Request DTO")
 @Data
 public class OAuth2AccessTokenCreateReqDTO implements Serializable {
 
-    /**
-     * 用户编号
-     */
+    @ApiModelProperty(value = "用户编号", required = true, example = "10")
     @NotNull(message = "用户编号不能为空")
     private Long userId;
-    /**
-     * 用户类型
-     */
+
+    @ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 UserTypeEnum 枚举")
     @NotNull(message = "用户类型不能为空")
     @InEnum(value = UserTypeEnum.class, message = "用户类型必须是 {value}")
     private Integer userType;
-    /**
-     * 客户端编号
-     */
+
+    @ApiModelProperty(value = "客户端编号", required = true, example = "yudaoyuanma")
     @NotNull(message = "客户端编号不能为空")
     private String clientId;
-    /**
-     * 授权范围
-     */
+
+    @ApiModelProperty(value = "授权范围的数组", example = "user_info")
     private List<String> scopes;
 
 }
diff --git a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/dto/OAuth2AccessTokenRespDTO.java b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/dto/OAuth2AccessTokenRespDTO.java
new file mode 100644
index 00000000..11850657
--- /dev/null
+++ b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/dto/OAuth2AccessTokenRespDTO.java
@@ -0,0 +1,31 @@
+package cn.iocoder.yudao.module.system.api.oauth2.dto;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import java.io.Serializable;
+import java.util.Date;
+
+@ApiModel("RPC 服务 - OAuth2.0 访问令牌的信息 Response DTO")
+@Data
+@Accessors(chain = true)
+public class OAuth2AccessTokenRespDTO implements Serializable {
+
+    @ApiModelProperty(value = "访问令牌", required = true, example = "tudou")
+    private String accessToken;
+
+    @ApiModelProperty(value = "刷新令牌", required = true, example = "haha")
+    private String refreshToken;
+
+    @ApiModelProperty(value = "用户编号", required = true, example = "10")
+    private Long userId;
+
+    @ApiModelProperty(value = "用户类型", required = true, example = "1", notes = "参见 UserTypeEnum 枚举")
+    private Integer userType;
+
+    @ApiModelProperty(value = "过期时间", required = true)
+    private Date expiresTime;
+
+}
diff --git a/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/enums/ApiConstants.java b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/enums/ApiConstants.java
new file mode 100644
index 00000000..e81335f3
--- /dev/null
+++ b/yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/enums/ApiConstants.java
@@ -0,0 +1,12 @@
+package cn.iocoder.yudao.module.system.enums;
+
+/**
+ * API 相关的枚举
+ *
+ * @author 芋道源码
+ */
+public class ApiConstants {
+
+    public static final String API_PREFIX = "/rpc-api/system";
+
+}
diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApiImpl.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApiImpl.java
deleted file mode 100644
index 3eec3fc1..00000000
--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/auth/OAuth2TokenApiImpl.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package cn.iocoder.yudao.module.system.api.auth;
-
-import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCheckRespDTO;
-import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCreateReqDTO;
-import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenRespDTO;
-import cn.iocoder.yudao.module.system.convert.auth.OAuth2TokenConvert;
-import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
-import cn.iocoder.yudao.module.system.service.oauth2.OAuth2TokenService;
-import org.springframework.stereotype.Service;
-import org.springframework.web.bind.annotation.RestController;
-
-import javax.annotation.Resource;
-
-/**
- * OAuth2.0 Token API 实现类
- *
- * @author 芋道源码
- */
-@RestController
-public class OAuth2TokenApiImpl implements OAuth2TokenApi {
-
-    @Resource
-    private OAuth2TokenService oauth2TokenService;
-
-    @Override
-    public OAuth2AccessTokenRespDTO createAccessToken(OAuth2AccessTokenCreateReqDTO reqDTO) {
-        OAuth2AccessTokenDO accessTokenDO = oauth2TokenService.createAccessToken(
-                reqDTO.getUserId(), reqDTO.getUserType(), reqDTO.getClientId(), reqDTO.getScopes());
-        return OAuth2TokenConvert.INSTANCE.convert2(accessTokenDO);
-    }
-
-    @Override
-    public OAuth2AccessTokenCheckRespDTO checkAccessToken(String accessToken) {
-        return OAuth2TokenConvert.INSTANCE.convert(oauth2TokenService.checkAccessToken(accessToken));
-    }
-
-    @Override
-    public OAuth2AccessTokenRespDTO removeAccessToken(String accessToken) {
-        OAuth2AccessTokenDO accessTokenDO = oauth2TokenService.removeAccessToken(accessToken);
-        return OAuth2TokenConvert.INSTANCE.convert2(accessTokenDO);
-    }
-
-    @Override
-    public OAuth2AccessTokenRespDTO refreshAccessToken(String refreshToken, String clientId) {
-        OAuth2AccessTokenDO accessTokenDO = oauth2TokenService.refreshAccessToken(refreshToken, clientId);
-        return OAuth2TokenConvert.INSTANCE.convert2(accessTokenDO);
-    }
-
-}
diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/OAuth2TokenApiImpl.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/OAuth2TokenApiImpl.java
new file mode 100644
index 00000000..c2b53637
--- /dev/null
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/api/oauth2/OAuth2TokenApiImpl.java
@@ -0,0 +1,52 @@
+package cn.iocoder.yudao.module.system.api.oauth2;
+
+import cn.iocoder.yudao.framework.common.pojo.CommonResult;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCreateReqDTO;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenRespDTO;
+import cn.iocoder.yudao.module.system.convert.auth.OAuth2TokenConvert;
+import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
+import cn.iocoder.yudao.module.system.service.oauth2.OAuth2TokenService;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.Resource;
+
+import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
+
+@RestController // 提供 RESTful API 接口，给 Feign 调用
+@Validated
+public class OAuth2TokenApiImpl implements OAuth2TokenApi {
+
+    @Resource
+    private OAuth2TokenService oauth2TokenService;
+
+    @Override
+    @ApiOperation("创建访问令牌")
+    public CommonResult<OAuth2AccessTokenRespDTO> createAccessToken(@RequestBody OAuth2AccessTokenCreateReqDTO reqDTO) {
+        OAuth2AccessTokenDO accessTokenDO = oauth2TokenService.createAccessToken(
+                reqDTO.getUserId(), reqDTO.getUserType(), reqDTO.getClientId(), reqDTO.getScopes());
+        return success(OAuth2TokenConvert.INSTANCE.convert2(accessTokenDO));
+    }
+
+    @Override
+    public CommonResult<OAuth2AccessTokenCheckRespDTO> checkAccessToken(String accessToken) {
+        return success(OAuth2TokenConvert.INSTANCE.convert(oauth2TokenService.checkAccessToken(accessToken)));
+    }
+
+    @Override
+    public CommonResult<OAuth2AccessTokenRespDTO> removeAccessToken(String accessToken) {
+        OAuth2AccessTokenDO accessTokenDO = oauth2TokenService.removeAccessToken(accessToken);
+        return success(OAuth2TokenConvert.INSTANCE.convert2(accessTokenDO));
+    }
+
+    @Override
+    public CommonResult<OAuth2AccessTokenRespDTO> refreshAccessToken(String refreshToken, String clientId) {
+        OAuth2AccessTokenDO accessTokenDO = oauth2TokenService.refreshAccessToken(refreshToken, clientId);
+        return success(OAuth2TokenConvert.INSTANCE.convert2(accessTokenDO));
+    }
+
+}
diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/auth/OAuth2TokenConvert.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/auth/OAuth2TokenConvert.java
index 50a6b977..17c62f0d 100644
--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/auth/OAuth2TokenConvert.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/auth/OAuth2TokenConvert.java
@@ -1,8 +1,8 @@
 package cn.iocoder.yudao.module.system.convert.auth;
 
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
-import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenCheckRespDTO;
-import cn.iocoder.yudao.module.system.api.auth.dto.OAuth2AccessTokenRespDTO;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenRespDTO;
 import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.token.OAuth2AccessTokenRespVO;
 import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
 import org.mapstruct.Mapper;
diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/framework/security/config/SecurityConfiguration.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/framework/security/config/SecurityConfiguration.java
index c81809b2..87443ace 100644
--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/framework/security/config/SecurityConfiguration.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/framework/security/config/SecurityConfiguration.java
@@ -1,6 +1,7 @@
 package cn.iocoder.yudao.module.system.framework.security.config;
 
 import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
+import cn.iocoder.yudao.module.system.enums.ApiConstants;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -38,6 +39,18 @@ public class SecurityConfiguration {
                 // OAuth2 API
                 registry.antMatchers(buildAdminApi("/system/oauth2/token")).permitAll();
                 registry.antMatchers(buildAdminApi("/system/oauth2/check-token")).permitAll();
+
+                // TODO 芋艿：这个每个项目都需要重复配置，得捉摸有没通用的方案
+                // Swagger 接口文档
+                registry.antMatchers("/swagger-ui.html").anonymous()
+                        .antMatchers("/swagger-resources/**").anonymous()
+                        .antMatchers("/webjars/**").anonymous()
+                        .antMatchers("/*/api-docs").anonymous();
+                // Spring Boot Actuator 的安全配置
+                registry.antMatchers("/actuator").anonymous()
+                        .antMatchers("/actuator/**").anonymous();
+                // RPC 服务的安全配置
+                registry.antMatchers(ApiConstants.API_PREFIX + "/**").anonymous();
             }
 
         };
diff --git a/yudao-module-system/yudao-module-system-biz/src/main/resources/application.yaml b/yudao-module-system/yudao-module-system-biz/src/main/resources/application.yaml
index 7e33378a..79d5599e 100644
--- a/yudao-module-system/yudao-module-system-biz/src/main/resources/application.yaml
+++ b/yudao-module-system/yudao-module-system-biz/src/main/resources/application.yaml
@@ -73,7 +73,7 @@ mybatis-plus:
 yudao:
   info:
     version: 1.0.0
-    base-package: cn.iocoder.yudao
+    base-package: cn.iocoder.yudao.module.system
   web:
     admin-api:
       prefix: /admin-api