diff --git a/account/serializers.py b/account/serializers.py
index 4b3285a..d4f3995 100644
--- a/account/serializers.py
+++ b/account/serializers.py
@@ -65,6 +65,7 @@ class ResetPasswordSerializer(serializers.Serializer):
class SSOSerializer(serializers.Serializer):
+ appkey = serializers.CharField(max_length=35)
token = serializers.CharField(max_length=40)
diff --git a/account/views.py b/account/views.py
index 9aa4453..4a6db82 100644
--- a/account/views.py
+++ b/account/views.py
@@ -327,8 +327,9 @@ class ApplyResetPasswordAPIView(APIView):
email_template = email_template.replace("{{ username }}", user.username). \
replace("{{ website_name }}", settings.WEBSITE_INFO["website_name"]). \
- replace("{{ link }}", request.scheme + "://" + request.META[
- 'HTTP_HOST'] + "/reset_password/t/" + user.reset_password_token)
+ replace("{{ link }}", request.scheme + "://"
+ + request.META['HTTP_HOST'] + "/reset_password/t/" +
+ user.reset_password_token)
_send_email.delay(settings.WEBSITE_INFO["website_name"],
user.email,
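Review bot: The re-wrapped `{{ link }}` expression still builds the password-reset URL from `request.META['HTTP_HOST']`, a header the client controls, and reading it from `META` directly skips the `ALLOWED_HOSTS` validation that `request.get_host()` applies. Unless a front-end proxy pins the host (not visible here), the e-mailed link carrying `user.reset_password_token` can point at a host the requester chose. The settings file in this same diff already defines `WEBSITE_INFO["url"]`, so the link can be built from configuration instead: `replace("{{ link }}", settings.WEBSITE_INFO["url"] + "/reset_password/t/" + user.reset_password_token)`. The enclosing method starts and ends outside this hunk.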
@@ -380,11 +381,16 @@ class SSOAPIView(APIView):
def post(self, request):
serializer = SSOSerializer(data=request.data)
if serializer.is_valid():
+ try:
+ User.objects.get(openapi_appkey=serializer.data["appkey"])
+ except User.DoesNotExist:
+ return error_response(u"appkey无效")
try:
user = User.objects.get(auth_token=serializer.data["token"])
user.auth_token = None
user.save()
return success_response({"username": user.username,
+ "id": user.id,
"admin_type": user.admin_type,
"avatar": user.userprofile.avatar})
except User.DoesNotExist:
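Review bot: The new appkey lookup in `post` throws its result away, so it only proves that some user owns that `openapi_appkey`; nothing ties the appkey to the `token` being redeemed. Since the `get` hunk later in this diff also drops the callback comparison, a token issued for one site can be exchanged by any caller that holds any valid appkey. Consider recording the requesting application when the token is issued and comparing it here, for example keeping `app_owner = User.objects.get(openapi_appkey=serializer.data["appkey"])` and rejecting the request when it does not match what was stored with the token. If `openapi_appkey` is not declared unique (the model is not shown), this `get()` can also raise `MultipleObjectsReturned`, which the `except User.DoesNotExist` does not catch.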
@@ -395,7 +401,7 @@ class SSOAPIView(APIView):
@login_required
def get(self, request):
callback = request.GET.get("callback", None)
- if not callback or callback != settings.SSO["callback"]:
+ if not callback:
return error_page(request, u"参数错误")
token = rand_str()
request.user.auth_token = token
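Review bot: With the comparison against `settings.SSO["callback"]` gone, `callback` is accepted whenever it is non-empty, so the freshly generated `token` stored on `request.user.auth_token` is presumably passed to whatever URL the request supplied (the rest of `get` is outside this hunk). That turns the endpoint into an open redirect that also discloses a login token for the signed-in user. If several client sites must be supported, validate the callback against the set registered for them rather than dropping the check, e.g. `if not callback or urlparse(callback).netloc not in allowed_hosts:`, where `allowed_hosts` is a placeholder for the callback hosts registered per appkey. Requiring an `https` scheme on the callback is worth adding in the same condition.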
diff --git a/oj/custom_settings.example.py b/oj/custom_settings.example.py
index efe21bd..15448ce 100644
--- a/oj/custom_settings.example.py
+++ b/oj/custom_settings.example.py
@@ -5,12 +5,10 @@ import os
SECRET_KEY = None
-SSO = {"callback": "https://xxxxxxxxx/login"}
-
-WEBSITE_INFO = {"website_name": u"xx大学 OnlineJudge",
- "website_name_shortcut": u"qduoj",
- "website_footer": u"xx大学xx学院京ICP备xxxxx号-1",
- "url": u"https://your-domain.com"}
+WEBSITE_INFO = {"website_name": u"example大学 OnlineJudge",
+ "website_name_shortcut": u"example oj",
+ "website_footer": u"example大学信息学院京ICP备xxxxx号-1",
+ "url": u"https://your-domain-or-ip.com"}
SMTP_CONFIG = {"smtp_server": "smtp.xxx.com",