diff --git a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/DefaultRefreshTokenGranter.java b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/DefaultRefreshTokenGranter.java
index c0d395448..621e00569 100644
--- a/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/DefaultRefreshTokenGranter.java
+++ b/hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/server/support/refresh/DefaultRefreshTokenGranter.java
@@ -41,7 +41,7 @@ import static org.hswebframework.web.oauth2.core.ErrorType.*;
 public class DefaultRefreshTokenGranter extends AbstractAuthorizationService implements RefreshTokenGranter {
 //默认有效时间为1年
- private long refreshTokenTimeOut = 365 * 24 * 60 * 60 * 1000L;
+ private long refreshTokenTimeOut = 365_24_60_60_1000L;
 public void setRefreshTokenTimeOut(long refreshTokenTimeOut) {
 this.refreshTokenTimeOut = refreshTokenTimeOut;
@@ -71,7 +71,7 @@ public class DefaultRefreshTokenGranter extends AbstractAuthorizationService imp
 return accessToken;
 }
 Set newRange = request.getScope() != null ? request.getScope() : accessToken.getScope();
- if (!accessToken.getScope().containsAll(newRange)) {
+ if (accessToken.getScope() != null && !accessToken.getScope().containsAll(newRange)) {
 throw new GrantTokenException(ErrorType.SCOPE_OUT_OF_RANGE);
 }
 accessToken.setAccessToken(accessTokenService.createToken().getAccessToken());
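Review bot: The new initializer `365_24_60_60_1000L` is not the product it replaces, because underscores in a Java numeric literal are only digit separators. The field now defaults to 3,652,460,601,000 ms (about 116 years) instead of 31,536,000,000 ms, which contradicts the comment above it saying the default validity is one year. The field's use is outside the hunk, but if it is the refresh-token lifetime, a token issued with the default would in practice never expire unless `setRefreshTokenTimeOut` is called. Restore the arithmetic form, `private long refreshTokenTimeOut = 365L * 24 * 60 * 60 * 1000;`, so the value stays readable and correct.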
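Review bot: The added null guard on the `if` line makes the scope check fail open: when `accessToken.getScope()` is null, `containsAll` is skipped, so a refresh request carrying any `scope` value passes without `SCOPE_OUT_OF_RANGE`. If a null stored scope means "no scopes granted", the request should be rejected, for example `if (request.getScope() != null && (accessToken.getScope() == null || !accessToken.getScope().containsAll(request.getScope()))) {`. If null is instead meant to be unrestricted, that deserves a comment at the check, since widening scope on refresh is otherwise unexpected. `newRange` is also null when both scopes are null; the method continues outside the hunk, so whether that value is later stored on the token is not visible here.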