diff --git a/keycloak-wx-provider-app/src/main/java/cc/coopersoft/keycloak/wx/app/providers/directgrant/WXAppAuthenticator.java b/keycloak-wx-provider-app/src/main/java/cc/coopersoft/keycloak/wx/app/providers/directgrant/WXAppAuthenticator.java
index d8689a6..90b955b 100644
--- a/keycloak-wx-provider-app/src/main/java/cc/coopersoft/keycloak/wx/app/providers/directgrant/WXAppAuthenticator.java
+++ b/keycloak-wx-provider-app/src/main/java/cc/coopersoft/keycloak/wx/app/providers/directgrant/WXAppAuthenticator.java
@@ -140,10 +140,14 @@ private boolean isSingleApp(AuthenticationFlowContext context) {
             .equals("false");
   }
 
-  private String getWXAppId(AuthenticationFlowContext context){
+  private String getWXAppId(AuthenticationFlowContext context) {
     return context.getAuthenticatorConfig().getConfig().get(WXAppAuthenticatorFactory.WX_API_ID);
   }
 
+  private String getAppIdKey(AuthenticationFlowContext context) {
+    return isSingleApp(context) ? USER_OPEN_ID_ATTRIBUTE : USER_OPEN_ID_ATTRIBUTE + "_" + getWXAppId(context);
+  }
+
   private Optional<WXAPICredentials> getWXAPICredentials(AuthenticationFlowContext context){
 
     String appid = getWXAppId(context); //context.getAuthenticatorConfig().getConfig().get(WXAppAuthenticatorFactory.WX_API_ID);
@@ -166,6 +170,12 @@ private Optional<UserModel> findUser(AuthenticationFlowContext context, String u
     var userProvider = context.getSession().users();
 
     return userProvider.searchForUserByUserAttributeStream(context.getRealm(), USER_UNION_ID_ATTRIBUTE, unionId).findFirst()
+        .map( it -> {
+          String appIdKey = getAppIdKey(context);
+          if (!it.getAttributes().containsKey(appIdKey))
+            it.setSingleAttribute(appIdKey, openId);
+          return it;
+        })
         //.or(() -> userProvider.searchForUserByUserAttributeStream(context.getRealm(), USER_OPEN_ID_ATTRIBUTE, openId).findFirst())
         .or(() -> createEveryUser(context,unionId,openId));
 
@@ -191,7 +201,7 @@ private Optional<UserModel> createEveryUser(AuthenticationFlowContext context, S
       newUser.setEnabled(true);
       newUser.setSingleAttribute(USER_UNION_ID_ATTRIBUTE, unionId);
 
-      newUser.setSingleAttribute(isSingleApp(context) ? USER_OPEN_ID_ATTRIBUTE : USER_OPEN_ID_ATTRIBUTE + "_" + getWXAppId(context), openId);
+      newUser.setSingleAttribute(getAppIdKey(context), openId);
 
       //context.getAuthenticationSession().setClientNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, unionId);
       logger.info("create user by wx :" + unionId);
diff --git a/pom.xml b/pom.xml
index baab830..13b27ac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,7 +46,7 @@
         <maven.compiler.source>21</maven.compiler.source>
         <maven.compiler.target>21</maven.compiler.target>
         <java.version>21</java.version>
-        <version.keycloak>25.0.4</version.keycloak>
+        <version.keycloak>25.0.6</version.keycloak>
         <version.lombok>1.18.34</version.lombok>
     </properties>