diff --git a/src/auth/AuthProvider.tsx b/src/auth/AuthProvider.tsx
index 70a8a30..1603552 100644
--- a/src/auth/AuthProvider.tsx
+++ b/src/auth/AuthProvider.tsx
@@ -70,32 +70,19 @@ export default function AuthProvider({ children }: { children: ReactNode }) {
     }
 
     try {
-      // 3. 通过后端代理交换 jumpToken
-      const exchangeRes = await fetch(`${AUTH_API}/exchange?jumpToken=${encodeURIComponent(jumpToken)}`);
-      const exchangeData = await exchangeRes.json();
+      // 3. 一步完成：jumpToken → 用户信息 + JWT
+      const res = await fetch(`${AUTH_API}/exchange?jumpToken=${encodeURIComponent(jumpToken)}`);
+      const data = await res.json();
 
-      if (!exchangeRes.ok || !exchangeData.token) {
-        setState({ isLoading: false, isAuthenticated: false, user: null, error: '跳转令牌无效或已过期' });
+      if (!res.ok || !data.token) {
+        setState({ isLoading: false, isAuthenticated: false, user: null, error: data.message || '跳转令牌无效或已过期' });
         return;
       }
 
-      // 4. 用 sessionToken 登录获取 JWT
-      const loginRes = await fetch(`${AUTH_API}/login`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ token: exchangeData.token }),
-      });
-      const loginData = await loginRes.json();
-
-      if (!loginRes.ok || !loginData.token) {
-        setState({ isLoading: false, isAuthenticated: false, user: null, error: '获取用户信息失败' });
-        return;
-      }
-
-      // 5. 存储 JWT
-      tokenRef.current = loginData.token;
-      sessionStorage.setItem('bi_jwt', loginData.token);
-      sessionStorage.setItem('bi_user', JSON.stringify(loginData.user));
+      // 4. 存储 JWT
+      tokenRef.current = data.token;
+      sessionStorage.setItem('bi_jwt', data.token);
+      sessionStorage.setItem('bi_user', JSON.stringify(data.user));
 
       // 6. 清除 URL 中的 jumpToken
       params.delete('jumpToken');
@@ -107,7 +94,7 @@ export default function AuthProvider({ children }: { children: ReactNode }) {
       setState({
         isLoading: false,
         isAuthenticated: true,
-        user: loginData.user,
+        user: data.user,
         error: null,
       });
     } catch (e) {
diff --git a/src/server/auth/login.ts b/src/server/auth/login.ts
index 2858995..467994f 100644
--- a/src/server/auth/login.ts
+++ b/src/server/auth/login.ts
@@ -9,7 +9,7 @@ const app = new Hono();
 const EXTERNAL_API_BASE = process.env.EXTERNAL_API_BASE || 'https://beta.lnh2e.com';
 const JWT_SECRET = process.env.JWT_SECRET || 'ln-bi-default-secret';
 
-/** GET /api/auth/exchange?jumpToken=xxx — 代理 jumpToken 换取 sessionToken */
+/** GET /api/auth/exchange?jumpToken=xxx — 一步完成：换取用户信息 + 签发 JWT */
 app.get('/exchange', async (c) => {
   const jumpToken = c.req.query('jumpToken');
   if (!jumpToken) return c.json({ error: 'Missing jumpToken' }, 400);
@@ -18,47 +18,27 @@ app.get('/exchange', async (c) => {
     const res = await fetch(
       `${EXTERNAL_API_BASE}/api/lingniu-manager-v1/v1/auth/issueTokenByJump?jumpToken=${encodeURIComponent(jumpToken)}`
     );
-    const data = await res.json() as { code: number; data: string | null; message: string };
-
-    if (data.code !== 0 || !data.data) {
-      return c.json({ error: 'Token exchange failed', message: data.message }, 401);
-    }
-
-    return c.json({ token: data.data });
-  } catch (e: unknown) {
-    console.error('jumpToken exchange error:', e);
-    return c.json({ error: 'Token exchange failed' }, 500);
-  }
-});
-
-/** POST /api/auth/login — 用外部 sessionToken 获取用户信息，签发 JWT */
-app.post('/login', async (c) => {
-  const body = await c.req.json<{ token: string }>().catch(() => null);
-  if (!body?.token) return c.json({ error: 'Missing token' }, 400);
-
-  try {
-    // 调用外部 API 获取用户信息
-    const res = await fetch(
-      `${EXTERNAL_API_BASE}/api/lingniu-manager-v1/v1/auth/getLoginUserInfo`,
-      { headers: { g7litegtoken: body.token } }
-    );
     const data = await res.json() as {
       code: number;
       data: {
-        id: string;
-        userName: string;
-        loginName: string;
-        depCode: string;
-        orgId: string;
-        roles: { roleName: string; id: string }[];
+        userInfo: {
+          id: string;
+          userName: string;
+          loginName: string;
+          depCode: string;
+          orgId: string;
+          roles: { roleName: string; id: string }[];
+        };
+        token: string;
       } | null;
+      message: string;
     };
 
-    if (data.code !== 0 || !data.data) {
-      return c.json({ error: 'Failed to get user info' }, 401);
+    if (data.code !== 0 || !data.data?.userInfo) {
+      return c.json({ error: 'Token exchange failed', message: data.message }, 401);
     }
 
-    const userInfo = data.data;
+    const userInfo = data.data.userInfo;
     const roleNames = userInfo.roles.map(r => r.roleName);
 
     // 确定权限级别
@@ -89,13 +69,12 @@ app.post('/login', async (c) => {
     };
 
     const token = jwt.sign(payload, JWT_SECRET, { expiresIn: '8h' });
-
     const authUser: AuthUser = { ...payload };
 
     return c.json({ token, user: authUser });
   } catch (e: unknown) {
-    console.error('login error:', e);
-    return c.json({ error: 'Login failed' }, 500);
+    console.error('auth exchange error:', e);
+    return c.json({ error: 'Authentication failed' }, 500);
   }
 });