SSO Avatar Not Updating

I have SSO setup with WordPress and have the SSO Avatar override setting set on discourse so that it uses the avatar URL from my WordPress site. However it does not seem to update if the person is using Gravatar and changes their Gravatar image.

If I look at the users profile SSO Info on Discourse I see the URL for the Gravatar icon and dropping that URL into my browser brings up the updated Gravatar.

I know Discourse caches these so that it does not have to make so many calls to Gravatar. How often does Discourse check for updates on this? Since I have the override with SSO set there is no way to refresh the Gravatar from the profile edit screen.

Thanks

1 Like

i also noticed if poeple go from a custom uploaded avatar or the default on my WP site then swtich to Gravatar the discourse forum does not update. It keeps the original avatar. Shouldnā€™t relogging in re-grab the avatar url and update?

I found out that there is a avatar_force_update function that was merged into the master.

https://github.com/discourse/discourse/pull/2670

Question is how could i call that? Is this something that could possibly be put on a schedule or is it per user?

Sorry not very experienced in this.

Did you guys found a solution on this topic?

I have the same issue as OP. I am using Wordpress SSO plugin and I configured discourse to use SSO avatar, but it wonā€™t follow up gravatar changes.

1 Like

I think the problem is that when a person changes their gravatar image, it doesnā€™t change the gravatar URL, so Discourse has no way of knowing that the avatar has changed. If a person wants their updated gravatar image to be used on Discourse, they need to go to their profile and edit their avatar. There is an option there to refresh the gravatar image.

3 Likes

What i did was add the avatar_force_update = true to the array parameters on the sso login string that is generated. This causes it to redownload the avatar each time the user logs in.

4 Likes

On the wordpress (sso provider) side, do you mean?

Yes. I think this can be added as an option to the plugin. Possibly it should be the default behaviour.

yes. i just edited the discourse-sso.php of the Discourse WordPress plugin and added it to the params array there.

I am using pt-wp-discourse-sso, and also added it to the params array; howerever it wonā€™t work

https://github.com/mautematico/pt-wp-discourse-sso/commit/365877714e5768429cb85f6ab033b9505be31c7d

Do you guys have any clue about what am I missing?

Edit: Tried with string instead of boolean (ā€˜trueā€™ instead of true). Did not work either.

Using string ā€˜trueā€™, I can see logs like this one:

Verbose SSO log: User was logged on <<user>>

nonce: <<nonce>>
name: <<name>>
username: <<username>>
email: <<user@example.org>>
avatar_url: https://www.gravatar.com/avatar/<<hash>>
avatar_force_update: true
require_activation: 
bio: 
external_id: 1
return_sso_url: 
admin: 
moderator: 
suppress_welcome_message: 
title: 
add_groups: 
remove_groups: 

Howerever, avatar is not refreshed.

So far, I canā€™t get it working either. This works on a live site, I havenā€™t been able to get it working in my development environment. The SSO params that are sent to Discourse now have a filter applied to them, so you donā€™t need to override the pluginā€™s code.

Adding something like this to your functions.php file should work.

add_filter( 'wpdc_sso_params', 'my_namespace_force_avatar_update' );
function my_namespace_force_avatar_update( $sso_params ) {
    $sso_params['avatar_force_update'] = 'true';

    return $sso_params;
}
2 Likes

Does this work with custom Profile Builders at all? That have their own avatar upload feature built in?

My user avatars have the URL of something like"ā€¦/wp-content/uploads/ā€¦" but it doesnā€™t seem to update on Discourse, even with the avatar_force_update code above.

Thanks!

From looking at the Discourse code, it seems like it should work. Do you have the Discourse setting ā€˜sso overrides avatarā€™ enabled? If not, could you try enabling it and see if that makes a difference?

Yeah I have that enabled. I also tried creating a new account, setting the avatar, then navigating to Discourse to log in and complete the forum registration, but it still didnā€™t grab it then either.

Which plugin are you using for setting the avatars on WordPress? If itā€™s free, Iā€™ll try it out.

1 Like

Itā€™s using https://www.cozmoslabs.com/wordpress-profile-builder/, which unfortunately isnā€™t free. I was using Learnpressā€™ Eduma theme earlier for profiles, and it wasnā€™t grabbing the avatar either (it was also saving to a custom folder).

Would be happy to provide access if it helps.

Thereā€™s a filter in the wp-discourse plugin that you can use to change the avatar thatā€™s sent to Discourse. From looking at the wordpress-profile-builder docs, it looks like they save the custom avatar as user metadata. From the example on this page, they are saving the avatar URL under the key ā€˜custom_field_57ā€™: https://www.cozmoslabs.com/docs/profile-builder-2/manage-user-fields/avatar-upload-field/

Assuming that what is saved in that field is the absolute URL of the avatar, something like this will work. Iā€™ve tested this on a live site by saving the string http://example.com/wp-content/uploads/my-profile-pic.jpg as user metadata. If itā€™s not an absolute URL thatā€™s saved in that field, it will take a bit more work to put it together.

add_filter( 'wpdc_sso_avatar_url', 'my_namespace_use_custom_avatar', 10, 2 );
function my_namespace_use_custom_avatar( $avatar_url, $user_id ) {
    if ( get_user_meta( $user_id, 'custom_field_57', true ) ) {
        $avatar_url = get_user_meta( $user_id, 'custom_field_57', true );
    }

    return $avatar_url;
}

If you enable verbose sso logging on your forum, youā€™ll be able to see what values are being sent with the sso payload.

Edit: before trying this, enable the verbose sso logging setting on Discourse and take a look at the Discourse logs to see what URL is currently being sent as the avatar_url with the SSO payload.

1 Like

Thanks for helping out on this! Still no luck with the above code, so I dug into the database a bit to see what was coming up.

  • The avatar user metadata is actually whatever you set it. In my case, itā€™s ā€œcustom_field_avatarā€
  • Tried swapping that in, but still nothing
  • I looked in the db as to what was in that field. Instead of returning a URL, the meta_value returns something like ā€œ348ā€
  • 348 is the ID for the image attachment in wp_posts
  • in that field, the full image URL is displayed under ā€œguidā€

Any ideas on how to make that adjustment? Thanks again!

1 Like

Btw, I also looked at how Learnpress stored theirs in case it might help anyone in the future.

They have a custom field in wp_usermeta called ā€œ_ lp _ profile_pictureā€ (without the spaces). That stores a value of something like ā€œlearn-press-profile/2/b89f8d0b9ee2dd95d8d4f4020f941cf8.jpgā€, which is the portion of ā€œhttp://www.yoursite.com/wp-content/uploads/learn-press-profile/2/b89f8d0b9ee2dd95d8d4f4020f941cf8.jpgā€.

In that case, I think you would need to use Simonā€™s code above, replace ā€œcustom_field_57ā€ with ā€œ_ lp _ profile_pictureā€ (again without the spaces), and add the first part of your URL (which Iā€™m not quite sure how to do).

1 Like

You can get the upload URL from itā€™s ID with wp_get_attachment_url( $attachment_id );

This might work:

add_filter( 'wpdc_sso_avatar_url', 'my_namespace_use_custom_avatar', 10, 2 );
function my_namespace_use_custom_avatar( $avatar_url, $user_id ) {
    if ( get_user_meta( $user_id, 'my_avatar_custom_field', true ) ) {
        $avatar_id = get_user_meta( $user_id, 'my_avatar_custom_field', true );
        $avatar_url = wp_get_attachment_url( $avatar_id );
    }

    return $avatar_url;
}
3 Likes