SSO avatar does not refresh as expected

We have set up SSO login for our forum, but the user’s avatar icon does not update as we expect it to:

When changing the avatar in our SSO provider we send the following payload to our discourse server:

$encodedPayload = base64_encode(
	. '&return_sso_url=' . env('DISCOURSE_SSO_URL')
	. '&email=' . auth()->user()->email
	. '&primary_email=' . auth()->user()->email
	. '&external_id=' . auth()->user()->id
	. '&name=' . auth()->user()->name
	. '&username=' . auth()->user()->nickname
	. '&avatar_url=' . auth()->user()->avatar
	. '&avatar_force_update=true'
	. '&admin=' . (auth()->user()->isAdmin ? 'true' : 'false')

If vieewing a discourse forum page, the avatar does not change (this is expected), however it does not change when refreshing the respective page or navigating to a new one (although we can see in the console that it has already pulled the new image).

We need to log out and log back in for it to change.

If the avatar changes, a new filename is generated for it, and we always send the avatar_force_update as true.

Is there anything we’re missing?

1 Like

If you enable the Discourse verbose sso logging site setting, are you seeing the avatar_force_update parameter in the SSO logs for the first login after a user changes their avatar on the SSO provider site?

1 Like