diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java
index cfbfdd20..9f0fabba 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java
@@ -2,6 +2,7 @@ package cn.axzo.tyr.client.model.req;
 
 import cn.axzo.framework.auth.domain.TerminalInfo;
 import cn.axzo.tyr.client.common.enums.WorkspaceJoinType;
+import cn.axzo.tyr.client.model.enums.FeatureType;
 import cn.axzo.tyr.client.model.enums.IdentityType;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
@@ -11,7 +12,11 @@ import lombok.NoArgsConstructor;
 import javax.validation.Valid;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 /**
  * @author tanjie@axzo.cn
@@ -46,6 +51,10 @@ public class IdentityAuthReq {
      * {@link TerminalInfo#NT()}
      */
     private String terminal;
+    @Builder.Default
+    private Set<Long> featureId = new HashSet<>();
+    @Builder.Default
+    private Set<String> featureCode = new HashSet<>();
 
 
     @Data
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
index fc1996ac..85be12f6 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@@ -461,11 +461,21 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                                 .build());
 
                         workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()
+                                .filter(permissionPointTreeNode -> {
+
+                                    if (CollectionUtil.isEmpty(identityAuthReq.getFeatureId()) && CollectionUtil.isEmpty(identityAuthReq.getFeatureCode())) {
+                                        return Boolean.TRUE;
+                                    }
+
+                                            return (identityAuthReq.getFeatureId().contains(permissionPointTreeNode.getPermissionPointId())) ||
+                                                    identityAuthReq.getFeatureCode().contains(permissionPointTreeNode.getCode());
+                                        }
+                                )
                                 .map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
-                                       .featureCode(permissionPointTreeNode.getCode())
+                                        .featureCode(permissionPointTreeNode.getCode())
                                         .featureId(permissionPointTreeNode.getPermissionPointId())
-                              //          .terminal(permissionPointTreeNode.getTerminal())
-                                //        .featureType(FeatureType.apply(permissionPointTreeNode.getFeatureType()))
+                                        //          .terminal(permissionPointTreeNode.getTerminal())
+                                        //        .featureType(FeatureType.apply(permissionPointTreeNode.getFeatureType()))
                                         .build())
                                 .collect(Collectors.toList()));