diff --git a/app/controllers/ci/cloud_accounts_controller.rb b/app/controllers/ci/cloud_accounts_controller.rb
index 0b230566f..bb5df9895 100644
--- a/app/controllers/ci/cloud_accounts_controller.rb
+++ b/app/controllers/ci/cloud_accounts_controller.rb
@@ -87,7 +87,10 @@ class Ci::CloudAccountsController < Ci::BaseController
     password = params[:password].to_s
     return render_error('你输入的密码不正确.') unless current_user.check_password?(password)
 
-    result = gitea_oauth_grant!(current_user.login, password, @cloud_account.drone_url, current_user.oauths.last&.client_id)
+    oauth = current_user.oauths.last
+    return render_error("服务器出小差了.") if oauth.blank?
+
+    result = gitea_oauth_grant!(password, oauth)
     result === true ? render_ok : render_error('授权失败.')
   end
 
diff --git a/app/controllers/concerns/ci/cloud_account_manageable.rb b/app/controllers/concerns/ci/cloud_account_manageable.rb
index f27267023..7a1011154 100644
--- a/app/controllers/concerns/ci/cloud_account_manageable.rb
+++ b/app/controllers/concerns/ci/cloud_account_manageable.rb
@@ -89,13 +89,24 @@ module Ci::CloudAccountManageable
     Ci::CloudAccount.exists?(ip_num: ip_num) ? [true, "#{devops_params[:ip_num]}服务器已被使用."] : [false, nil]
   end
 
-  def gitea_oauth_grant!(username, password, drone_url, client_id)
+  def gitea_auto_create_auth_grant!(gitea_oauth_id)
+    connection = Gitea::Database.set_connection.connection
+    unix_time = Time.now.to_i
+
+    # 目前直接操作db，可以建立对应的model进行操作
+    sql = "INSERT INTO oauth2_grant ( user_id, application_id, counter, created_unix, updated_unix ) VALUES ( #{current_user.gitea_uid}, #{gitea_oauth_id}, 0, #{unix_time}, #{unix_time} );"
+    connection.execute(sql)
+  end
+
+  def gitea_oauth_grant!(password, oauth)
+    gitea_auto_create_auth_grant!(oauth&.gitea_oauth_id)
+
     state = SecureRandom.hex(8)
 
     # redirect_uri eg:
     #  https://localhost:3000/login/oauth/authorize?client_id=94976481-ad0e-4ed4-9247-7eef106007a2&redirect_uri=http%3A%2F%2F121.69.81.11%3A80%2Flogin&response_type=code&state=9cab990b9cfb1805
-    redirect_uri = CGI.escape("#{drone_url}/login")
-    grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{client_id}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}"
+    redirect_uri = CGI.escape("#{@cloud_account.drone_url}/login")
+    grant_url = "#{Gitea.gitea_config[:domain]}/login/oauth/authorize?client_id=#{oauth&.client_id}&redirect_uri=#{redirect_uri}&response_type=code&state=#{state}"
     logger.info "[gitea] grant_url: #{grant_url}"
 
     conn = Faraday.new(url: grant_url) do |req|