diff --git a/controllers/auth.go b/controllers/auth.go
index c9c0c90e..46a2f6a9 100644
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -183,6 +183,7 @@ func (c *ApiController) Login() {
 			resp = c.HandleLoggedIn(application, user, &form)
 		}
 	} else if form.Provider != "" {
+		organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", form.Organization))
 		application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 		provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))
 		providerItem := application.GetProviderItem(provider.Name)
@@ -287,7 +288,7 @@ func (c *ApiController) Login() {
 				object.AddUser(user)
 
 				// sync info from 3rd-party if possible
-				object.SetUserOAuthProperties(user, provider.Type, userInfo)
+				object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
 
 				object.LinkUserAccount(user, provider.Type, userInfo.Id)
 
@@ -317,7 +318,7 @@ func (c *ApiController) Login() {
 			user := object.GetUser(userId)
 
 			// sync info from 3rd-party if possible
-			object.SetUserOAuthProperties(user, provider.Type, userInfo)
+			object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
 
 			isLinked := object.LinkUserAccount(user, provider.Type, userInfo.Id)
 			if isLinked {
diff --git a/object/user_util.go b/object/user_util.go
index 54956eca..2d1b9cb6 100644
--- a/object/user_util.go
+++ b/object/user_util.go
@@ -104,7 +104,7 @@ func setUserProperty(user *User, field string, value string) {
 	}
 }
 
-func SetUserOAuthProperties(user *User, providerType string, userInfo *idp.UserInfo) bool {
+func SetUserOAuthProperties(organization *Organization, user *User, providerType string, userInfo *idp.UserInfo) bool {
 	if userInfo.Id != "" {
 		propertyName := fmt.Sprintf("oauth_%s_id", providerType)
 		setUserProperty(user, propertyName, userInfo.Id)
@@ -130,7 +130,7 @@ func SetUserOAuthProperties(user *User, providerType string, userInfo *idp.UserI
 	if userInfo.AvatarUrl != "" {
 		propertyName := fmt.Sprintf("oauth_%s_avatarUrl", providerType)
 		setUserProperty(user, propertyName, userInfo.AvatarUrl)
-		if user.Avatar == "" {
+		if user.Avatar == "" || user.Avatar == organization.DefaultAvatar {
 			user.Avatar = userInfo.AvatarUrl
 		}
 	}