diff --git a/packages/app-server/src/lib/policy-agent/policy-agent.ts b/packages/app-server/src/lib/policy-agent/policy-agent.ts
index b7917be566..e18f3370ce 100644
--- a/packages/app-server/src/lib/policy-agent/policy-agent.ts
+++ b/packages/app-server/src/lib/policy-agent/policy-agent.ts
@@ -1,5 +1,5 @@
 import assert = require("assert")
-import { AccessorInterface, Policy } from "less-api"
+import { AccessorInterface, Params, Policy } from "less-api"
 import { CloudFunction } from "../../../../cloud-function-engine/dist"
 import { getFunctionByName } from "../../api/function"
 import { Globals } from "../globals/globals"
@@ -63,11 +63,12 @@ export class PolicyAgent implements PolicyAgentInterface {
 
 /**
  * 默认的 injection getter
- * @param uid 
+ * @param auth 为 jwt token 的 payload 对象
  * @returns 返回默认的 injections
  */
-async function defaultInjectionGetter(uid: string) {
+async function defaultInjectionGetter(auth: any, _params: Params) {
+  auth = auth || {}
   return {
-    $uid: uid
+    ...auth
   }
 }
\ No newline at end of file
diff --git a/packages/app-server/src/lib/policy-agent/types.ts b/packages/app-server/src/lib/policy-agent/types.ts
index ea7f3617af..9471fedb30 100644
--- a/packages/app-server/src/lib/policy-agent/types.ts
+++ b/packages/app-server/src/lib/policy-agent/types.ts
@@ -3,7 +3,7 @@ import { Params, Policy } from "less-api"
 
 
 
-export type InjectionGetter = (uid: string, params: Params) => Promise<any>
+export type InjectionGetter = (payload: string, params: Params) => Promise<any>
 
 /**
  * used in policy agent
diff --git a/packages/app-server/src/router/entry/index.ts b/packages/app-server/src/router/entry/index.ts
index 6283e5fd69..0a886ff64f 100644
--- a/packages/app-server/src/router/entry/index.ts
+++ b/packages/app-server/src/router/entry/index.ts
@@ -21,7 +21,7 @@ EntryRouter.post('/proxy/:policy', async (req, res) => {
   const params = proxy.parseParams({ ...req.body, requestId })
 
   // get injections
-  const injections = await policyComposition.injector_func(auth.uid, params)
+  const injections = await policyComposition.injector_func(auth, params)
 
   // validate query
   const result = await proxy.validate(params, injections)