Oauth2 plugin: avatar not used

sso
1

Hi,

I’m splitting into a topic an issue referenced here Discourse OAuth2 Basic - #304 by nodomain
here Discourse OAuth2 Basic - #316 by jmlord (that’s me)
and maybe here User avatar not updating on re-log in

The account is created successfully but the avatar is not included. Sample response:

Body: {
  "access_token":"...",
  "token_type":"bearer",
  "expires_in":"3600",
  "scope":"profile",
  "profile" : {
    "id":1234,
    "email": "...",
    "name": "...",
    "picture": "https://somedomain.com/somevalidpicture.jpg"
  }
}

Variable oauth2 callback user info paths includes value avatar:profile.picture and it is correctly parsed, since it appears in the following log:

OAuth2 Debugging: after_authenticate response: 

creds: {"token"=>"...", "expires_at"=>1702053692, "expires"=>true}
uid: 1234
info: {"email"=>"...", "name"=>"...", "avatar"=>"https://members.geobon.org/pages/profile-picture/..."}
extra: {}

I checked that the picture address is correct, and it’s size is 300x300. Here is a sample.

I checked the logs of the server where the pictures lie, and there was no attempt to download this picture during account creation and initial login.

Any idea why this does not work for us? (clearly it works with some other configs…)

1 Like
2

hmmm, I’m not sure it’s possible to get the avatar

3

Hi Lillian, thanks for helping.

The quoted post seems to be in the case where the endpoint was not a direct link to the file. It’s a bit different here, where we directly provide the file link.

Also, this seems to work in some cases:

Also, tooltip of oauth2 callback user info paths property says

Paths in the token response to other user properties. Supported properties are name, username, email, email_verified and avatar. Format is property:path, eg: name:params.info.name

If not by URL, how do we do it? Should I base64encode it in the file?

Edit: Let me try the 2-step process, where the image avatar result is in another query, instead of the token response, and I’ll post again.

4

Ok, I got it to work with the 2-step process. It seems that either the tooltip is wrong or that there is a bug with that part of the plugin:

oauth2 callback user info paths : … Supported properties are name, username, email, email_verified and avatar.

The latter is not true. For the avatars to work, one needs to add a json endpoint for user details, check “Fetch user JSON for OAuth2” and fill the oauth2 json avatar path property.

1 Like