diff --git a/app/api/controller/v1/Auth.php b/app/api/controller/v1/Auth.php
index 208fa21..6eb5f8e 100644
--- a/app/api/controller/v1/Auth.php
+++ b/app/api/controller/v1/Auth.php
@@ -27,8 +27,8 @@ class Auth extends Api
 protected int $timeTolerance = 300;
 /**
- * 获取鉴权 Token
- * 参数:signature(签名)、secret(密钥)、agent_id(代理)、time(时间戳)
+ * 获取鉴权 Token(GET 请求)
+ * 参数仅从 Query 读取:signature、secret、agent_id、time
 * 返回:authtoken;失败返回 code=0 及失败信息
 */
 public function authToken(Request $request): Response
@@ -38,13 +38,13 @@ class Auth extends Api
 return $response;
 }
- $signature = $request->post('signature', $request->get('signature', ''));
- $secret = $request->post('secret', $request->get('secret', ''));
- $agentId = $request->post('agent_id', $request->get('agent_id', ''));
- $time = $request->post('time', $request->get('time', ''));
+ $signature = $request->get('signature', '');
+ $secret = $request->get('secret', '');
+ $agentId = $request->get('agent_id', '');
+ $time = $request->get('time', '');
 if ($signature === '' || $secret === '' || $agentId === '' || $time === '') {
- return $this->error(__('Parameter %s can not be empty', ['signature/secret/agent_id/time']));
+ return $this->error(__('Parameter signature/secret/agent_id/time can not be empty'));
 }
 $timestamp = (int) $time;
@@ -76,7 +76,7 @@ class Auth extends Api
 return $this->error(__('Invalid agent or secret'));
 }
- $expectedSignature = hash_hmac('sha256', $agentId . $time, $channel->secret);
+ $expectedSignature = strtoupper(md5($agentId . $secret . $time));
 if (!hash_equals($expectedSignature, $signature)) {
 return $this->error(__('Invalid signature'));
 }
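Review bot: In the `@@ -38,13` hunk, `secret` and `signature` are now read only from the query string, so the channel secret travels in the URL and will typically be recorded in web-server and proxy access logs. The removed lines preferred the POST body; keeping `$secret = $request->post('secret', '');` (or moving the value to a request header) would keep the credential out of logged URLs. Separately, `$request->get()` can presumably return an array for `time[]=…` style input, which passes the `=== ''` checks and reaches `(int) $time` and the later string concatenation; an `is_string()` guard before the empty check would reject that. authToken's body starts and ends outside this hunk.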
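Review bot: In the `@@ -76,7` hunk, the new `$expectedSignature` is built from `$agentId`, `$secret` and `$time`, all of which come from the request, so the server-held `$channel->secret` no longer enters the computation and the signature proves nothing beyond what the preceding 'Invalid agent or secret' check already covers (that check is outside the hunk, so how it compares the secret is not visible). It also swaps a keyed HMAC-SHA256 for unkeyed MD5 over a plain concatenation. I would keep the removed line, `$expectedSignature = hash_hmac('sha256', $agentId . $time, $channel->secret);`, and stop sending `secret` in the request. If a legacy client forces the MD5 format, the key should at least be `$channel->secret` rather than the request value, with a comment marking it as a compatibility mode.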