A bit nuanced, but I noticed something that was happening with my Discourse and profile pictures. I am using discourse-wp as my SSO provider, and it sends over the user’s avatar image. However I also have SSO avatar override setting disabled. Since Wordpress user pictures default to a grey person, that image gets sent on every user login as part of SSO. This doesn’t appear to be an issue if the user has already uploaded their own image, or selected to use Gravatar.
It does become an issue if they haven’t selected anything and are using the letter proxy. In this case, the Wordpress generic picture becomes their Discourse profile picture, even though I have SSO avatar override disabled.
I would consider this a bug? The expected behavior should be for the letter proxy to continue to be used when SSO avatar override isn’t enabled, even if there is a profile picture from SSO.