Populating user avatars with Microsoft Graph Oauth2

Hey friendly Discourse folks,

I’ve used discourse-oauth2-basic to allow our members to login and auto-populate their email, full name, and username values from their Office365 organisational account. I’m struggling to get the avatar populated however, and was wondering if anyone has had any success doing so?

The graph guidance here suggests the URL for the avatar should be available at photo/$value; which I’ve put in but it’s not being returned and I can’t see any errors in the logs.

My current settings are:

…I’ve also tried adding ‘photo’ into the oauth2 callback user info paths and oauth2 authorize options fields to no avail. Any help much appreciated :wink:

1 Like

The OAuth2 plugin only allows requesting the data from a single endpoint (the oauth2 user json url). All of the json *** path settings refer to locations within the JSON data, not separate API endpoints.

Taking a quick look at the graph.microsoft.com api docs it doesn’t look like the /me endpoint includes the avatar URL by default. Even if you were able to fetch the profilePhoto resource, it looks like it returns a “photo ID” rather than a URL.

So unfortunately I think you would need to develop a custom authentication plugin to make this work :cry:. I’d love to be proven wrong though!


Thanks for checking that out, @david. Prompted me to see if I could ‘fetch’ it into the user JSON, appears the OData expand query parameter isn’t supported for the photo though - which does come through as a URL if you append /$value to it:

…you cannot use $expand on the user/photo relationship.

I couldn’t figure out a way to reverse that; so instead of https://graph.microsoft.com/beta/me?$expand=photo going something like https://graph.microsoft.com/beta/me/photo/$value?$expand=mail,displayName. Splutter, toys out of pram, rant.

Perhaps we could use the ‘mail’ location in the JSON data to construct the URL to the photo, which is consistently:


…so could we concatenate the three elements in the field with the right syntax? My numpty attempt here didn’t work, unsurprisingly:

https://tenant-my.sharepoint.com/User%20Photos/Profile%20Pictures/” & mail & “_LThumb.jpg”

…or maybe another way - I’m clearly grasping at straws here - would be to add the photo endpoint to the oauth2 user json url field with something like:


1 Like