AVATAR via OAUTH2 / OIDC ???

[Zappo-II]

I found this: #6534 stating that a given URL should be used if (no real helpful details given there) service provides it ...

My JWT Payload includes something like this:

{
...
    "avatar": "https://not.your.concern/avatar/156cfcab6910058cbc1f174d8351f8bb?d=404",
    "picture": "https://not.your.concern/avatar/156cfcab6910058cbc1f174d8351f8bb.png",
...
}

...but no Avatar gets pulled, what's the mechanism like ???

Details or hints welcome...

[mod242]

I just created an pull-request that solves this: #7908

I had the exact same problem (using Authentik as an OIDC-Proivder and having "avatar" in my profile)
I use OIDC as an Provider and it works with my little patch

[Zappo-II]

Yea, dude...
checked it out and fixed my problem instantly...
THX hope that one gets merged soon...

[michal-stelmach]

I'm using Wiki.js v 2.5.314 with Authentik OIDC. In Authentik provider for wiki.js I've added mappings: avatar and picture to profile picture image URL with and without JWT token:

"avatar":"https://auth.domain.tld/files/media/public/user-avatars/filename.png?token=token",
"picture": "https://static.domain.tld/avatars/filename.png"

avatar is ~340 characters long and picture is 80.
I've tried setting Picture Claim to both avatar and picture, but I can't see any avatar. When I login to postgres, pictureUrl for users that are using OIDC and have profile picture is empty, but not NULL.
I also can see in users model L217 that max picutreUrl length is 255 characters, so that would explain why avatar is not working.
Do you have any ideas what could be an issue?

[mod242]

Hi michal,

Thanks for for the details.

From what you describe, it looks like the picture URL is never stored at all, since users.pictureUrl ends up as an empty string. So I think the issue happens before the avatar is rendered.

Could you help narrow this down a bit (since I can't reproduce on my end)?

• Are you using the generic OpenID Connect provider?
• What did you set as Picture Claim — avatar, picture, or something else?
• Is Skip User Profile enabled?
• After changing the setting, did you restart Wiki.js and log in again?
• Do you know whether the claim is present in the ID token, the UserInfo response, or both?

My current guess is that the claim may be present in the ID token, but not in the UserInfo response. If Wiki.js receives both profiles, the UserInfo payload may overwrite the ID-token payload during the current merge, so the configured picture claim resolves to an empty string.

One quick test would be to enable Skip User Profile and log in again. If the avatar works then, we probably know where the problem is.