diff --git a/ee/backend/pkg/spot/auth/authorizer.go b/ee/backend/pkg/spot/auth/authorizer.go
index 2117ef311..244961318 100644
--- a/ee/backend/pkg/spot/auth/authorizer.go
+++ b/ee/backend/pkg/spot/auth/authorizer.go
@@ -12,7 +12,7 @@ func (a *authImpl) IsAuthorized(authHeader string, permissions []string, isExten
 		return nil, err
 	}
 
-	user, err := authUser(a.pgconn, jwtInfo.UserId, jwtInfo.TenantID, int(jwtInfo.IssuedAt.Unix()))
+	user, err := authUser(a.pgconn, jwtInfo.UserId, jwtInfo.TenantID, int(jwtInfo.IssuedAt.Unix()), isExtension)
 	if err != nil {
 		return nil, err
 	}
diff --git a/ee/backend/pkg/spot/auth/storage.go b/ee/backend/pkg/spot/auth/storage.go
index 7df89bb1d..25d623c34 100644
--- a/ee/backend/pkg/spot/auth/storage.go
+++ b/ee/backend/pkg/spot/auth/storage.go
@@ -3,15 +3,18 @@ package auth
 import (
 	"fmt"
 	"openreplay/backend/pkg/db/postgres/pool"
+	"strings"
 )
 
-func authUser(conn pool.Pool, userID, tenantID, jwtIAT int) (*User, error) {
+func authUser(conn pool.Pool, userID, tenantID, jwtIAT int, isExtension bool) (*User, error) {
 	sql := `SELECT user_id, users.tenant_id, users.name, email, EXTRACT(epoch FROM spot_jwt_iat)::BIGINT AS spot_jwt_iat, roles.permissions
 		FROM users
 		JOIN tenants on users.tenant_id = tenants.tenant_id
 		JOIN roles on users.role_id = roles.role_id
 		WHERE users.user_id = $1 AND users.tenant_id = $2 AND users.deleted_at IS NULL ;`
-
+	if !isExtension {
+		sql = strings.ReplaceAll(sql, "spot_jwt_iat", "jwt_iat")
+	}
 	user := &User{}
 	var permissions []string
 	if err := conn.QueryRow(sql, userID, tenantID).