diff --git a/object/token_jwt.go b/object/token_jwt.go
index 9f0808c1..a230bcd9 100644
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@@ -365,6 +365,10 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		},
 	}
 
+	if application.IsShared {
+		claims.Audience = []string{application.ClientId + "-org-" + user.Owner}
+	}
+
 	var token *jwt.Token
 	var refreshToken *jwt.Token
 
diff --git a/web/src/ApplicationEditPage.js b/web/src/ApplicationEditPage.js
index cfe0ffc7..04984005 100644
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -1009,7 +1009,7 @@ class ApplicationEditPage extends React.Component {
     }
 
     let clientId = this.state.application.clientId;
-    if (this.state.application.isShared && this.props.account.owner !== "built-in") {
+    if (this.state.application.isShared) {
       clientId += `-org-${this.props.account.owner}`;
     }
     const signInUrl = `/login/oauth/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;