I’ve tried this out in my local development environment and there seems to be a problem with the way it’s working. The avatar_url is being sent to Discourse on login, but it is only being used by Discourse when the user’s profile picture is set to use the ‘system assigned profile picture’. This change - from the system assigned image to the SSO image - only works once. After the system assigned image is overridden by the SSO image it becomes a ‘custom picture’ and is not overwritten when the SSO avatar is changed.
Also, the Discourse setting ‘sso overrides avatar’ doesn’t seem to be doing anything except making it impossible for a user to edit their profile picture on Discourse.
What seem to be happening is that when WordPress avatar is set using Gravatar, changing the Gavatar doesn’t change the avatar URL, so the test for avatar_changed in discourse_single_sign_on.rb is failing.
I can change the wp_discourse plugin to send the parameter avatar_force_update = 'true' with the SSO parameters. That works, but it overrides the Discourse setting sso_overrides_avatar, so it will change user avatars when that setting isn’t selected.