diff --git a/controllers/auth.go b/controllers/auth.go
index 0b511c1c..35f7c0c3 100644
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -198,14 +198,26 @@ func (c *ApiController) Login() {
 			user := object.GetUser(userId)
 
 			// sync info from 3rd-party if possible
-			if user.DisplayName == "" && userInfo.Username != "" {
-				object.SetUserField(user, "display_name", userInfo.Username)
+			if userInfo.Username != "" {
+				propertyName := fmt.Sprintf("oauth_%s_username", provider.Type)
+				object.SetUserProperty(user, propertyName, userInfo.Username)
+				if user.DisplayName == "" {
+					object.SetUserField(user, "display_name", userInfo.Username)
+				}
 			}
-			if user.Avatar == "" && userInfo.AvatarUrl != "" {
-				object.SetUserField(user, "avatar", userInfo.AvatarUrl)
+			if userInfo.AvatarUrl != "" {
+				propertyName := fmt.Sprintf("oauth_%s_avatarUrl", provider.Type)
+				object.SetUserProperty(user, propertyName, userInfo.AvatarUrl)
+				if user.Avatar == "" {
+					object.SetUserField(user, "avatar", userInfo.AvatarUrl)
+				}
 			}
-			if user.Email == "" && userInfo.Email != "" {
-				object.SetUserField(user, "email", userInfo.Email)
+			if userInfo.Email != "" {
+				propertyName := fmt.Sprintf("oauth_%s_email", provider.Type)
+				object.SetUserProperty(user, propertyName, userInfo.Email)
+				if user.Email == "" {
+					object.SetUserField(user, "email", userInfo.Email)
+				}
 			}
 
 			isLinked := object.LinkUserAccount(user, provider.Type, userInfo.Username)
diff --git a/object/user.go b/object/user.go
index b901697a..756a4ad7 100644
--- a/object/user.go
+++ b/object/user.go
@@ -35,6 +35,7 @@ type User struct {
 	Phone         string `xorm:"varchar(100)" json:"phone"`
 	Affiliation   string `xorm:"varchar(100)" json:"affiliation"`
 	Tag           string `xorm:"varchar(100)" json:"tag"`
+	Ranking       int    `json:"ranking"`
 	IsAdmin       bool   `json:"isAdmin"`
 	IsGlobalAdmin bool   `json:"isGlobalAdmin"`
 	IsForbidden   bool   `json:"isForbidden"`
@@ -45,6 +46,8 @@ type User struct {
 	Google string `xorm:"varchar(100)" json:"google"`
 	QQ     string `xorm:"qq varchar(100)" json:"qq"`
 	WeChat string `xorm:"wechat varchar(100)" json:"wechat"`
+
+	Properties map[string]string `json:"properties"`
 }
 
 func GetGlobalUsers() []*User {
diff --git a/object/user_util.go b/object/user_util.go
index c86a090b..2943cb45 100644
--- a/object/user_util.go
+++ b/object/user_util.go
@@ -92,6 +92,21 @@ func GetUserField(user *User, field string) string {
 	return f.String()
 }
 
+func SetUserProperty(user *User, field string, value string) bool {
+	if value == "" {
+		delete(user.Properties, field)
+	} else {
+		user.Properties[field] = value
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{user.Owner, user.Name}).Cols("properties").Update(user)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
 func calculateHash(user *User) string {
 	s := strings.Join([]string{user.Id, user.Password, user.DisplayName, user.Avatar, user.Phone}, "|")
 	return util.GetMd5Hash(s)
diff --git a/web/src/UserListPage.js b/web/src/UserListPage.js
index c8e930d2..312aecba 100644
--- a/web/src/UserListPage.js
+++ b/web/src/UserListPage.js
@@ -44,7 +44,7 @@ class UserListPage extends React.Component {
 
   newUser() {
     return {
-      owner: "admin", // this.props.account.username,
+      owner: "built-in", // this.props.account.username,
       name: `user_${this.state.users.length}`,
       createdTime: moment().format(),
       type: "normal-user",
@@ -58,6 +58,7 @@ class UserListPage extends React.Component {
       isAdmin: false,
       isGlobalAdmin: false,
       IsForbidden: false,
+      properties: {},
     }
   }
 
diff --git a/web/src/auth/AuthCallback.js b/web/src/auth/AuthCallback.js
index b6f2647e..0935d3e9 100644
--- a/web/src/auth/AuthCallback.js
+++ b/web/src/auth/AuthCallback.js
@@ -68,18 +68,22 @@ class AuthCallback extends React.Component {
 
   UNSAFE_componentWillMount() {
     const params = new URLSearchParams(this.props.location.search);
+    const code = params.get("code");
+
     const innerParams = this.getInnerParams();
     const applicationName = innerParams.get("application");
     const providerName = innerParams.get("provider");
     const method = innerParams.get("method");
+
     let redirectUri = `${window.location.origin}/callback`;
+
     const body = {
       type: this.getResponseType(),
       application: applicationName,
       provider: providerName,
-      code: params.get("code"),
+      code: code,
       // state: innerParams.get("state"),
-      state: innerParams.get("application"),
+      state: applicationName,
       redirectUri: redirectUri,
       method: method,
     };