So we use the oidc plugin, but the avatar_url requires auth and the current avatar download support when provided by the plugin doesn’t know to use a cached access_token to fetch. Adding that feels pretty big in my head so not sure i could take on a PR.
We had been using system avatar, but it requires a user to set their username (and don’t change it) so that the image is grabbed. If that is a mismatch we get broken images in the UI.
Gravatar is not an option for us and manual upload can work if folks do it which they don’t commonly.
It seems like if system avatar is used the letter proxy gets bypassed completely. And based on the url in the DOM the image is loaded client side so the app doesn’t know that the resource doesn’t exist.
I had thought about using default avatar url to point at letter_proxy, but it doesn’t support tokens so at best i could point it at a single generic avatar and then folks could change to manual upload or system (if their username resulted in a proper load).
I would like to handle some of these cases with conditions, but I can’t seem to figure out a good combination of settings to make it more resilient.