Synchronizing avatars via SSO


(Dabaer) #1

I have SSO currently functioning retrieving login data from our main site, however I am having issues when trying to synchronize user avatars, as discourse caches them.

It is unclear how sync actually works as the documentation has no information on implementation, but the problem may also be that when a user changes their avatar on our side, the url does not change.

When using the sync endpoint discourse would presumably re cache, but the documentation does not explain that either.

What is the correct usage of the sync endpoint (GET or POST), and how does discourse handle avatars when syncing?


(Dabaer) #2

Upon further inspection I discovered the force avatar update argument, which I will test this morning.


(Dabaer) #3

Alright, nothing I have tried so far has worked. Based off of feedback in other posts about the same issue, I cannot get any results as they have. My code is as follows:

$payload = base64_encode(http_build_query($query = [
    'nonce' => $nonce,
    'external_id' => $_SESSION['uid'],
    'email' => $_SESSION['email'],
    'name' => $user['information']['name'],
    'username' => $_SESSION['username'],
    'avatar_force_update' => 1,
    'avatar_url' => 'http://example.com/data/avatar/'.$_SESSION['uid'].'.gif'
]));
$sig = hash_hmac("sha256", $payload, $secret);
$q = http_build_query([ 'sso' => $payload, 'sig' => $sig ]);
header("Location: http://forum.example.com/session/sso_login?$q");

EDIT: I decided to kaibosh the POST sync endpoint twattery and try to update it on login. A bit roundabout when we could just ping discourse when they change their avatar, but it’ll have to do.

EDIT 2: It is still broken however.


(Dabaer) #4

I’ll just give this a bump, I’m still having this issue and cannot find any clear documentation on the subject.


(Steven Greco) #5

for me the avatar_force_update succeeded when stated like so.

'avatar_force_update' => 'true',

This forced the end users avatar to update on each login based off the URL provided in the sso payload.

I am using SSO with a WordPress site and the official WordPress Discourse Plugin. I just added that line in the array.


#6

I’m having trouble with synchronizing my avatars. My c# payload includes

&avatar_force_update=1&avatar_url=http://…

there seems to be some confusion around the value for avatar_force_update, can anyone clarify if its 1 or true?

Thanks


(Rafael dos Santos Silva) #7

True.


(system) #8