Should we expect avatars to be propagated using Discourse SSO provider?


(Christopher Kampmeier) #1

We’re using Discourse as an SSO provider for a handful of other Discourse sites, but it doesn’t appear that the Discourse SSO provider implementation automatically provides a user’s avatar URL within the SSO protocol.

Is this a feature gap of the Discourse SSO provider or are we missing some other setting that would enable us to have users’ custom avatars automatically be used on the SSO consumer sites?

Our SSO consumer sites have the following option set:

If this is a feature gap, in the meantime, is there a readily accessible workaround?

For example, could we use the keyword based means that applies to external system avatars:

In the default avatars settings of our SSO consumer sites to reference something like this:

https://ssoprovider.discourse.test/user_avatar/ssoprovider.discourse.test/{username}/{size}.png

Seems like a stretch, but it’s worth asking…


(Jeff Atwood) #2

Not sure, anything to add here @sam?


(Sam Saffron) #3

Yeah this is a gap in the implementation, should be fairly easy to fill though its probably 1 line of code to have the SSO provider also provide avatars and seems like the best solution here…


(Christopher Kampmeier) #4

Are you thinking that this would be the area to make the enhancement? If so, I’ll give it a go today.


(Christopher Kampmeier) #5

@sam, I tested the following code change and it appears to work fine. Changes to avatars on the Discourse SSO provider site are reflected after logging out and logging in on SSO consumer sites.

A few questions:

How to arrive at the avatar size? Do you have suggestions as to how size can be derived? Should a value be pulled from Discourse.avatar_sizes? In the code below it’s hardcoded to 64.

Does it make sense to support changing back to system assigned profile picture? The main limitation of the following code change is that when a user changes their profile picture back to “System assigned profile picture” on the SSO provider, the SSO consumers won’t get updated. To address this limitation, is there a means to obtain the URL to the system assigned profile picture on the SSO provider so that this URL can be sent to the SSO consumer?

    .... 
    if current_user
        sso.name = current_user.name
        sso.username = current_user.username
        sso.email = current_user.email
        sso.external_id = current_user.id.to_s
        sso.admin = current_user.admin?
        sso.moderator = current_user.moderator?
        if current_user.uploaded_avatar_id
          relative_avatar_url = UserAvatar.local_avatar_url(Discourse.current_hostname, current_user.username, current_user.uploaded_avatar_id, 64)
          sso.avatar_url = "#{Discourse.base_url}#{relative_avatar_url}"
          sso.avatar_force_update = true
        end
        ...