diff --git a/backend/apps/system/middleware/auth.py b/backend/apps/system/middleware/auth.py
index 2dd20187..41167624 100644
--- a/backend/apps/system/middleware/auth.py
+++ b/backend/apps/system/middleware/auth.py
@@ -169,6 +169,9 @@ async def validateEmbedded(self, param: str, trans: I18n) -> tuple[any]:
                     raise Exception(message)
                 assistant_info = await get_assistant_info(session=session, assistant_id=embeddedId)
                 assistant_info = AssistantModel.model_validate(assistant_info)
+                payload = jwt.decode(
+                    param, assistant_info.app_secret, algorithms=[security.ALGORITHM]
+                )
                 assistant_info = AssistantHeader.model_validate(assistant_info.model_dump(exclude_unset=True))
                 return True, session_user, assistant_info
         except Exception as e: