diff --git a/controllers/account.go b/controllers/account.go
index 3e878bdc..cf8bf224 100644
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -307,6 +307,7 @@ func (c *ApiController) Logout() {
 }
 c.ClearUserSession()
+ c.ClearTokenSession()
 owner, username := util.GetOwnerAndNameFromId(user)
 _, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
 if err != nil {
@@ -353,6 +354,7 @@ func (c *ApiController) Logout() {
 }
 c.ClearUserSession()
+ c.ClearTokenSession()
 // TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
 owner, username := util.GetOwnerAndNameFromId(user)
@@ -433,6 +435,17 @@ func (c *ApiController) GetAccount() {
 return
 }
+ token := c.GetSessionToken()
+ if token == nil {
+ token, err = object.GetTokenForExtension(user, c.Ctx.Request.Host)
+ if err != nil {
+ c.ResponseError(err.Error())
+ return
+ }
+ c.SetSessionToken(token)
+ }
+ u.AccessToken = token.AccessToken
+
 resp := Response{
 Status: "ok",
 Sub: user.Id,
diff --git a/controllers/base.go b/controllers/base.go
index 4342c8bb..a55826de 100644
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -122,6 +122,17 @@ func (c *ApiController) GetSessionUsername() string {
 return user.(string)
 }
+func (c *ApiController) GetSessionToken() *object.Token {
+ tokenValue := c.GetSession("token")
+ var token *object.Token
+ var ok bool
+ if token, ok = tokenValue.(*object.Token); !ok {
+ token = nil
+ }
+
+ return token
+}
+
 func (c *ApiController) GetSessionApplication() *object.Application {
 clientId := c.GetSession("aud")
 if clientId == nil {
@@ -141,6 +152,10 @@ func (c *ApiController) ClearUserSession() {
 c.SetSessionData(nil)
 }
+func (c *ApiController) ClearTokenSession() {
+ c.SetSessionToken(nil)
+}
+
 func (c *ApiController) GetSessionOidc() (string, string) {
 sessionData := c.GetSessionData()
 if sessionData != nil && 
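Review bot: `c.ClearTokenSession()` only forgets the session's reference to the token; the token minted by object.GetTokenForExtension stays usable until it expires, so a client that copied `accessToken` from the get-account response keeps a working bearer token after logout. If GetTokenByUser persists the token record (not visible in this diff), Logout should also revoke or delete that record rather than just dropping the pointer from the session. The same point applies to the second Logout hunk at -353. Logout starts before this hunk and continues after it.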
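Review bot: A token found by `token := c.GetSessionToken()` is reused without any validity check, so once it expires GetAccount keeps handing out the stale `u.AccessToken` until the user logs out. If object.Token records its expiry, compare it before reuse and fall through to GetTokenForExtension when it has lapsed, e.g. `if token == nil || tokenExpired(token) {` with a small helper, then store the replacement with SetSessionToken. `u.AccessToken = token.AccessToken` also assumes GetTokenForExtension never returns (nil, nil); guard it if GetTokenByUser can. `c.Ctx.Request.Host` is the client-supplied Host header, so if GetTokenByUser embeds it in the token the value needs to be validated upstream. GetAccount starts before this hunk, where `err` and `u` are declared, and continues after it.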
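Review bot: The `var token` / `var ok` / `if ..., ok = ...; !ok { token = nil }` sequence in GetSessionToken is redundant, because a failed type assertion already leaves `token` at its zero value, nil. The body can be `token, _ := c.GetSession("token").(*object.Token)` followed by `return token`. As an exported method it also wants a doc comment, e.g. `// GetSessionToken returns the *object.Token cached in the session, or nil when none is stored.`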
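Review bot: `c.SetSessionToken(nil)` stores a typed nil `*object.Token` under the "token" key instead of removing the key. GetSessionToken copes with that, but session providers that gob-encode their values cannot encode a nil pointer held in an interface, and object/init.go registers the type with gob for exactly such stores; if one of those providers is in use, removing the key (beego's `c.DelSession("token")`) is the safer form. This mirrors the existing `SetSessionData(nil)` in ClearUserSession, so the same caveat may already apply there.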
@@ -167,6 +182,10 @@ func (c *ApiController) SetSessionUsername(user string) {
 c.SetSession("username", user)
 }
+func (c *ApiController) SetSessionToken(token *object.Token) {
+ c.SetSession("token", token)
+}
+
 // GetSessionData ...
 func (c *ApiController) GetSessionData() *SessionData {
 session := c.GetSession("SessionData")
diff --git a/object/init.go b/object/init.go
index 16174a73..0861be1f 100644
--- a/object/init.go
+++ b/object/init.go
@@ -45,6 +45,7 @@ func InitDb() {
 }
 initWebAuthn()
+ initToken()
 }
 func getBuiltInAccountItems() []*AccountItem {
@@ -309,6 +310,10 @@ func initWebAuthn() {
 gob.Register(webauthn.SessionData{})
 }
+func initToken() {
+ gob.Register(&Token{})
+}
+
 func initBuiltInUserModel() {
 model, err := GetModel("built-in/user-model-built-in")
 if err != nil {
diff --git a/object/token_oauth.go b/object/token_oauth.go
index 1b1256ab..8b4f12eb 100644
--- a/object/token_oauth.go
+++ b/object/token_oauth.go
@@ -726,3 +726,19 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 }
 return token, nil, nil
 }
+
+func GetTokenForExtension(user *User, host string) (*Token, error) {
+ application, err := GetApplicationByUser(user)
+ if err != nil {
+ return nil, err
+ }
+ if application == nil {
+ return nil, fmt.Errorf("the application for user %s is not found", user.Id)
+ }
+
+ token, err := GetTokenByUser(application, user, "profile", "", host)
+ if err != nil {
+ return nil, err
+ }
+ return token, nil
+}
diff --git a/object/user.go b/object/user.go
index 418e7e90..5fc1b581 100644
--- a/object/user.go
+++ b/object/user.go
@@ -98,6 +98,7 @@ type User struct {
 PreHash string `xorm:"varchar(100)" json:"preHash"`
 AccessKey string `xorm:"varchar(100)" json:"accessKey"`
 AccessSecret string `xorm:"varchar(100)" json:"accessSecret"`
+ AccessToken string `xorm:"mediumtext" json:"accessToken"`
 CreatedIp string `xorm:"varchar(100)" json:"createdIp"`
 LastSigninTime string `xorm:"varchar(100)" json:"lastSigninTime"`
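Review bot: SetSessionToken is exported but undocumented, while the neighbouring GetSessionData carries a doc comment; add one that also states the nil convention the rest of the change relies on, e.g. `// SetSessionToken caches token in the session under the "token" key; nil clears the cached value.`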
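Review bot: The tail of GetTokenForExtension re-checks an error only to return the same pair, so `token, err := GetTokenByUser(...)` through `return token, nil` collapses to `return GetTokenByUser(application, user, "profile", "", host)`, assuming GetTokenByUser returns `(*Token, error)` as the assignment suggests. The exported function also needs a doc comment explaining that it mints a profile-scoped token for the user's application bound to `host`, and what the empty fourth argument stands for, since the literal `""` gives the reader no hint. `user.Id` is dereferenced before any nil check, which is fine only if every caller guarantees a non-nil user, as GetAccount appears to. The whole function is inside this hunk.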
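Review bot: The new `AccessToken` field carries `xorm:"mediumtext"`, which makes it a persisted column, although the only write visible in this diff is `u.AccessToken = token.AccessToken` in GetAccount for the response. If the field is meant to be response-only, tag it `xorm:"-" json:"accessToken"` so that any later full-struct save does not write a bearer token into the user table, where every code path that serialises a User would then surface it. If persistence is intended, the field should be documented as a credential and excluded from user listings.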
diff --git a/web/src/App.js b/web/src/App.js
index 80874ad3..ac18feda 100644
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -51,6 +51,7 @@ class App extends Component {
 classes: props,
 selectedMenuKey: 0,
 account: undefined,
+ accessToken: undefined,
 uri: null,
 themeAlgorithm: storageThemeAlgorithm,
 themeData: Conf.ThemeDefault,
@@ -228,9 +229,11 @@ class App extends Component {
 AuthBackend.getAccount(query)
 .then((res) => {
 let account = null;
+ let accessToken = null;
 if (res.status === "ok") {
 account = res.data;
 account.organization = res.data2;
+ accessToken = res.data.accessToken;
 this.setLanguage(account);
 this.setTheme(Setting.getThemeData(account.organization), Conf.InitThemeAlgorithm);
@@ -242,6 +245,7 @@ class App extends Component {
 this.setState({
 account: account,
+ accessToken: accessToken,
 });
 });
 }
@@ -256,6 +260,7 @@ class App extends Component {
 return ( {!this.state.account ? null :
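Review bot: `accessToken = res.data.accessToken;` copies a value that `account = res.data;` already keeps, so after the setState hunk at -242 the same bearer token lives in both `this.state.accessToken` and `this.state.account.accessToken`, and the two can drift if either is updated alone. Keep one source of truth, e.g. drop the separate state field and read `this.state.account.accessToken` where it is consumed, or clear both together on logout. Whatever consumes the token outside this diff should be the only place it is exposed, since anything held in component state is readable by every script on the page. The callback continues outside this hunk.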
} + {!this.state.account ? null :
}