diff --git a/apps/web-antd/src/api/core/sso.ts b/apps/web-antd/src/api/core/sso.ts
index 162dbcb49..1665627b1 100644
--- a/apps/web-antd/src/api/core/sso.ts
+++ b/apps/web-antd/src/api/core/sso.ts
@@ -36,12 +36,11 @@ export async function ssoCallback(
   redirectUri: string,
   state?: string,
 ): Promise<SsoApi.SsoCallbackResult> {
+  // 走 body 而非 query：避免 code 落入浏览器历史 / nginx access log。
+  // 后端对应 @RequestBody SsoCallbackReqVO。
   const raw = await requestClient.post<SsoApi.SsoCallbackRawResult>(
     '/system/sso/callback',
-    null,
-    {
-      params: { clientId, code, redirectUri, state },
-    },
+    { clientId, code, redirectUri, state },
   );
   return {
     accessToken: raw.access_token,