User avatar with customer oauth?

ajmas · April 19, 2021, 8:37pm

Description

We are using a self-hosted Keycloak as our oauth server, which works well enough for login. The issue is that we don’t see the user’s avatar image provided. The settings for the custom oauth provider:

url: https://keycloak-test.example/auth
token path: /realms/master/protocol/openid-connect/token
token sent via: Header
identity token sent via: Same as “Token Sent Via”
identity path: /realms/master/protocol/openid-connect/userinfo
authorization path: /realms/master/protocol/openid-connect/auth
scope: openid
param name for access token: access_token
id: rocket-chat-client
username field: preferred_username
Roles/Groups field name: groups
avatar field: picture
user data group map: rocket.cat
Map Roles/Groups to channels: false
Merge Roles from SSO: false
Merge users: false
Show Button on Login Page: true

Example response from https://keycloak-test.example/auth/realms/master/protocol/openid-connect/userinfo :

{
  "sub": "34218f1b-06d9-4afd-a9dd-4421b23b183a",
  "email_verified": true,
  "name": "Albert Einsetin",
  "groups": [
    "create-realm",
    "offline_access",
    "uma_authorization"
  ],
  "preferred_username": "lightrider",
  "given_name": "Albert",
  "family_name": "Einstein",
  "picture": "https://pm1.narvii.com/6820/8350be28ffe79ba6c375c171473ddb2fbf9ca166v2_hq.jpg",
  "email": "lightrider@example"
}

Server Setup Information

Version of Rocket.Chat Server: 3.11.1
Operating System: Ubuntu 18.04 LTS
Deployment Method: Docker
Number of Running Instances: 1
DB Replicaset Oplog:
NodeJS Version:
MongoDB Version:
Proxy: nginx
Firewalls involved:

Any additional Information

john.crisp · April 20, 2021, 8:40am

The first thing to do is test it on the latest version - currently 3.13.1

Things move so fast that this could have been fixed already!

A good search in GitHub issues, both open and closed, is worth doing as well. I am sure I have seen something similar before but don’t remember where.

I’ll keep my eyes open for it.

ajmas · April 21, 2021, 9:01am

Thanks for the reply. I’ll be sure to do both. Just one thing, and is the avatar sync meant to be done at the start of any new oauth session or at only specific points of the lifecycle? Also, which source file should I probably be looking at and how would I enable debug logging?

Have updated to latest server, but not seeing a difference. Also, the closest I saw was the following ticket, but based on the last response it is unclear whether it was fully resolved:

john.crisp · April 23, 2021, 9:12pm

Hi.

Looks like that was merged at 1.0 but might still be problematic.

Have a good hunt in issues, both open & closed.

If it still exists we may need a new bug.

Topic		Replies	Views
Avatar from Keycloack in RocketChat integration Community Support	1	350	June 30, 2022
How to integrate keycloak with rocketchat Rocket.Chat Apps	5	2924	October 17, 2023
New Install, if avatar, no set account type to user Community Support	0	486	March 17, 2021
Custom oauth configs not created from env vars Community Support	1	932	September 29, 2024
How o insert user data into custom fields from Keycloak token Community Support	3	308	June 21, 2022

[Rocket.Chat v7.0: Join the webinar] Roadmap Reveal: on-prem AI, VoIP, and more! Save your seat ->

User avatar with customer oauth?

Description

Server Setup Information

Any additional Information

Related topics