diff --git a/src/Jwt/AbstractJwt.php b/src/Jwt/AbstractJwt.php
index 107bfcd..7f208ad 100644
--- a/src/Jwt/AbstractJwt.php
+++ b/src/Jwt/AbstractJwt.php
@@ -31,6 +31,7 @@ public function __construct(
         private readonly array $config,
         private readonly CacheManager $cacheManager,
         private readonly Clock $clock,
+        private readonly AccessTokenConstraint $accessTokenConstraint,
         private readonly RefreshTokenConstraint $refreshTokenConstraint
     ) {}
 
@@ -72,7 +73,8 @@ public function parserRefreshToken(string $refreshToken): UnencryptedToken
                     $this->clock,
                     $this->clock->now()->diff($this->getRefreshExpireAt($this->clock->now()))
                 ),
-                $this->getBlackListConstraint()
+                $this->getBlackListConstraint(),
+                $this->accessTokenConstraint
             );
     }
 
diff --git a/src/Jwt/AccessTokenConstraint.php b/src/Jwt/AccessTokenConstraint.php
new file mode 100644
index 0000000..b2caaae
--- /dev/null
+++ b/src/Jwt/AccessTokenConstraint.php
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * This file is part of MineAdmin.
+ *
+ * @link     https://www.mineadmin.com
+ * @document https://doc.mineadmin.com
+ * @contact  root@imoi.cn
+ * @license  https://github.com/mineadmin/MineAdmin/blob/master/LICENSE
+ */
+
+namespace Mine\Jwt;
+
+use Lcobucci\JWT\Token;
+use Lcobucci\JWT\Validation\Constraint;
+use Lcobucci\JWT\Validation\ConstraintViolation;
+
+class AccessTokenConstraint implements Constraint
+{
+    public function assert(Token $token): void
+    {
+        if (! $token->isRelatedTo('refresh')) {
+            throw ConstraintViolation::error('Token is not a refresh token', $this);
+        }
+    }
+}