diff --git a/app/Models/GKUser.php b/app/Models/GKUser.php
deleted file mode 100644
index b4f1d72..0000000
--- a/app/Models/GKUser.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-
-namespace App\Models;
-
-use Illuminate\Foundation\Auth\User as Authenticatable;
-use Illuminate\Notifications\Notifiable;
-use Laravel\Passport\HasApiTokens;
-use Spatie\Permission\Traits\HasRoles;
-
-class GKUser extends Authenticatable
-{
-    use HasApiTokens, Notifiable, HasRoles;
-
-    protected $table = 'gk_user';
-
-    protected $connection = 'db_sunday';
-
-    protected $fillable = [
-        'name',
-        'email',
-        'password',
-    ];
-
-    protected $hidden = [
-        'password',
-        'remember_token',
-    ];
-
-    protected function casts(): array
-    {
-        return [
-            'email_verified_at' => 'datetime',
-            'password' => 'hashed',
-        ];
-    }
-}
diff --git a/app/Passport/CustomUserRepository.php b/app/Passport/CustomUserRepository.php
deleted file mode 100644
index bdadd02..0000000
--- a/app/Passport/CustomUserRepository.php
+++ /dev/null
@@ -1,48 +0,0 @@
-<?php
-
-namespace App\Passport;
-
-use Laravel\Passport\Bridge\User;
-use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
-use League\OAuth2\Server\Entities\ClientEntityInterface;
-use Illuminate\Support\Facades\Hash;
-use App\Models\GKUser;
-
-class CustomUserRepository extends PassportUserRepository
-{
-    /**
-     * Retrieve a user entity by user credentials.
-     *
-     * @param string $username
-     * @param string $password
-     * @param string $grantType
-     * @param ClientEntityInterface $client
-     * @return User|null
-     */
-    public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $client)
-    {
-        $user = GKUser::where('email', $username)->first();
-
-        if (! $user) {
-            return;
-        }
-
-        $hashed = $user->password;
-
-        // Check if the password is already hashed using bcrypt
-        if (!Hash::needsRehash($hashed)) {
-            if (!Hash::check($password, $hashed)) {
-                return;
-            }
-        }
-        // If the password is hashed using MD5, verify and upgrade to bcrypt
-        elseif (md5($password) !== $hashed) {
-            return;
-        } else {
-            $user->password = Hash::make($password);
-            $user->save();
-        }
-
-        return new User($user->getAuthIdentifier());
-    }
-}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 8cbe321..e6eaad1 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -5,11 +5,8 @@ namespace App\Providers;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Laravel\Passport\Passport;
 use League\OAuth2\Server\AuthorizationServer;
-use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
+use Laravel\Passport\Bridge\UserRepository;
 use Laravel\Passport\Bridge\RefreshTokenRepository;
-use Illuminate\Support\Facades\Auth;
-use App\Auth\Providers\MD5UserProvider;
-use App\Passport\CustomUserRepository; // ⬅️ bạn sẽ tạo file này
 use DateInterval;
 
 class AuthServiceProvider extends ServiceProvider
@@ -18,27 +15,17 @@ class AuthServiceProvider extends ServiceProvider
 
     public function boot(): void
     {
-        // Register custom user provider for MD5 password support
-        Auth::provider('md5provider', function ($app, array $config) {
-            return new MD5UserProvider($app['hash'], $config['model']);
-        });
-
-        // Override Passport's UserRepository to support MD5
-        $this->app->bind(PassportUserRepository::class, CustomUserRepository::class);
-
-        // Set Passport token expiration times
         Passport::tokensExpireIn(now()->addHour());
         Passport::refreshTokensExpireIn(now()->addMonth());
 
-        // Register Password Grant for OAuth
         $this->app->afterResolving(AuthorizationServer::class, function ($server) {
             $grant = new \League\OAuth2\Server\Grant\PasswordGrant(
-                app(PassportUserRepository::class),
+                app(UserRepository::class),
                 app(RefreshTokenRepository::class)
             );
+            $grant->setRefreshTokenTTL(new DateInterval('P1M')); // 1 tháng
 
-            $grant->setRefreshTokenTTL(new DateInterval('P1M'));
-            $server->enableGrantType($grant, new DateInterval('PT1H'));
+            $server->enableGrantType($grant, new DateInterval('PT1H')); // 1 giờ
         });
     }
 }
diff --git a/app/Providers/MD5UserProvider.php b/app/Providers/MD5UserProvider.php
deleted file mode 100644
index 9d30690..0000000
--- a/app/Providers/MD5UserProvider.php
+++ /dev/null
@@ -1,60 +0,0 @@
-<?php
-
-namespace App\Auth\Providers;
-
-use Illuminate\Auth\EloquentUserProvider;
-use Illuminate\Contracts\Auth\Authenticatable;
-use Illuminate\Support\Facades\Hash;
-
-class MD5UserProvider extends EloquentUserProvider
-{
-    /**
-     * Validate the user's credentials.
-     *
-     * This method checks the provided plain password against the stored hashed password.
-     * - If the stored password is hashed using Bcrypt (i.e., does not need rehashing), it uses Laravel's Hash::check.
-     * - If the stored password is an MD5 hash, it manually compares the MD5 hash of the plain password.
-     *   If matched, it automatically upgrades the password to Bcrypt and saves the user.
-     *
-     * @param \Illuminate\Contracts\Auth\Authenticatable $user The user instance.
-     * @param array $credentials The credentials array containing at least a 'password' key.
-     * @return bool Returns true if the credentials are valid, otherwise false.
-     */
-    public function validateCredentials(Authenticatable $user, array $credentials)
-    {
-        $plain = $credentials['password'];
-        $hashed = $user->getAuthPassword();
-
-        /**
-         * Checks if the given hashed password needs to be rehashed.
-         * If the hash does not require rehashing (e.g., it is already using Bcrypt),
-         * verifies the plain password against the hashed value using Laravel's Hash facade.
-         *
-         * @param string $plain  The plain text password to verify.
-         * @param string $hashed The hashed password stored in the database.
-         * @return bool Returns true if the plain password matches the hashed value, false otherwise.
-         */
-        if (!Hash::needsRehash($hashed)) {
-            return Hash::check($plain, $hashed);
-        }
-
-        /**
-         * Checks if the given plain password matches the stored MD5 hash.
-         * If matched, automatically upgrades the user's password to a secure hash using Laravel's Hash facade.
-         * Saves the upgraded password to the database.
-         *
-         * @param string $plain  The plain text password provided by the user.
-         * @param string $hashed The stored MD5 hashed password.
-         * @return bool Returns true if the password matches and is upgraded, otherwise false.
-         */
-        if (md5($plain) === $hashed) {
-            // Tự động upgrade
-            $user->password = Hash::make($plain);
-            $user->save();
-
-            return true;
-        }
-
-        return false;
-    }
-}
diff --git a/config/auth.php b/config/auth.php
index 69c403c..6d9c511 100644
--- a/config/auth.php
+++ b/config/auth.php
@@ -42,7 +42,7 @@ return [
         ],
 
         'api' => [
-            'driver' => 'passport',  //
+            'driver' => 'passport',  // ← Quan trọng: phải là 'passport'
             'provider' => 'users',
         ],
     ],
@@ -66,9 +66,8 @@ return [
 
     'providers' => [
         'users' => [
-            // 'driver' => 'eloquent',
-            'driver' => 'md5provider',
-            'model' => App\Models\GKUser::class,
+            'driver' => 'eloquent',
+            'model' => env('AUTH_MODEL', App\Models\User::class),
         ],
 
         // 'users' => [