SSO Avatar Override Issues


#1

I’m try to get the avatar override to work for my SSO. I’ve tried two things and neither have worked;

Try 1 - Adding avatar info to payload

   Subscriber s = new SubscriberFactory().GetObjectByEmail(email);
    if ( s != null )
    {
       avatarInfo = "&avatar_force_update=true";
        avatarInfo += "&avatar_url=" + "http://www.stackfish.com/" + s.AvatarUrl;
    }


            string returnPayload = "nonce=" + HttpUtility.UrlEncode(nonce) +
                                    "&email=" + HttpUtility.UrlEncode(email) +
                                    "&external_id=" + HttpUtility.UrlEncode(externalId) +
                                    "&username=" + HttpUtility.UrlEncode(username) +
                                    "&name=" + HttpUtility.UrlEncode(name) + avatarInfo;

This results in an error that breaks my SSO

Try 2: Tacking on that avatar info at end of the redirect URL

 redirectUrl +=  "sso=" + encodedPayload + "&sig=" + returnSig + avatarInfo;

This doesn’t break my SSO but avatars are not overwritten.

I have Overides user avatar… checked in my admin panel.
Does anyone know what I’m doing wrong?

Thanks


(Kane York) #2

What happens if you pass a hash into a form-encoding helper? You’ve got your string types mixed together all over the place.


#3

Thanks riking that was a problem and I’m one step closer. I’m assuming Try 1 is the correct approach.

I’ve updated my code to be:

if ( s != null )
            {
                avatarInfo = "&avatar_force_update=true";
                avatarInfo += "&avatar_url=" + "http://www.stackfish.com" + s.AvatarUrl;
            }



            addLog("SSOLogin: AvatarInfo Before Encode: " + avatarInfo);

            avatarInfo = HttpUtility.UrlEncode(avatarInfo);




            string returnPayload = "nonce=" + HttpUtility.UrlEncode(nonce) +
                                    "&email=" + HttpUtility.UrlEncode(email) +
                                    "&external_id=" + HttpUtility.UrlEncode(externalId) +
                                    "&username=" + HttpUtility.UrlEncode(username) +
                                    "&name=" + HttpUtility.UrlEncode(name) + avatarInfo;

I’ve also confirmed through logging that I’m passing a valid avatar url:

avatar_url=http://www.stackfish.com/Portals/0/UserImages/AvatarImage20207da8ae19-7c9e-4f58-ba60-53043944b944.jpg

WIth this approach, I can log in with my SSO but my avatar is still the default discourse avatar. Am I missing a setting?


#4

I found some more encoding issues on my part. I’ve modified my code to be:

   if ( s != null )
            {
                avatarInfo = "&avatar_force_update=true";
                avatarInfo += "&avatar_url=" + HttpUtility.UrlEncode("http://www.stackfish.com" + s.AvatarUrl) ;
            }

and here is a pretty print of what I’m passing to discourse:

nonce=8a82d4e93c2a9da7625e83ff7f4f2801
&email=jimmy%40stackfish.com&external_id=115
&username=jimmy%40stackfish.com
&name=Jimmy
&avatar_force_update=true
&avatar_url=http%3a%2f%2fwww.stackfish.com%2fPortals%2f0%2fUserImages%2fAvatarImage20207da8ae19-7c9e-4f58-ba60-53043944b944.jpg

Now my SSO is broke with the error: Job exception: undefined method ‘to_i’ for true:TrueClass


#5

If found a thread that mentioned that avatar_force_update need to be either 1 or ‘true’.

I set it to 1 and it now works.