feat: display OIDC provider avatar (Google profile photo) in Console UI#1247
Open
chrisbaker2000 wants to merge 1 commit intojitsucom:newjitsufrom
Open
feat: display OIDC provider avatar (Google profile photo) in Console UI#1247chrisbaker2000 wants to merge 1 commit intojitsucom:newjitsufrom
chrisbaker2000 wants to merge 1 commit intojitsucom:newjitsufrom
Conversation
Propagate the `picture` claim from OIDC providers (Google, Auth0, etc.) and `avatar_url` from GitHub through NextAuth's JWT and session callbacks to `session.user.image`, enabling the existing avatar rendering code in UserProfileButton to display provider profile photos. Also remove the explicit exclusion of `googleusercontent.com` URLs in UserProfileButton — this filter prevented Google Workspace profile photos from being displayed even if the image URL was available. Changes: - nextauth.config.ts: Add `picture` to JWT token from OIDC profile, pass through to `session.user.image` - WorkspacePageLayout.tsx: Remove googleusercontent.com URL filter in UserProfileButton avatar rendering
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
pictureclaim from OIDC providers (Google Workspace, Auth0, Okta, etc.) andavatar_urlfrom GitHub through NextAuth's JWT and session callbacks tosession.user.imagegoogleusercontent.comURLs inUserProfileButtonthat prevented Google profile photos from renderingProblem
When using OIDC authentication (e.g. Google Workspace SSO), user profile photos are never displayed in the Console — the avatar always shows the generic
FaUserCircleicon. Two issues:nextauth.config.ts: Thepictureclaim from the OIDC profile response isn't passed through the JWT and session callbacks, sosession.user.imageis always undefinedWorkspacePageLayout.tsx:UserProfileButtonhas an explicit checkuser.image.indexOf("googleusercontent.com/") < 0that filters out Google profile photo URLs even if they were availableChanges
webapps/console/lib/nextauth.config.tspicturefrom token or profile (supports Google'spictureclaim and GitHub'savatar_url)picturethrough tosession.user.imageso the existing avatar rendering code can display itwebapps/console/components/PageLayout/WorkspacePageLayout.tsxUserProfileButton: Remove thegoogleusercontent.comURL exclusion — render any validuser.imageURL as an avatarScope
This is a minimal, backward-compatible change:
pictureclaim (Google, Auth0, Okta, Azure AD, Keycloak)avatar_urlin the same code pathTest plan
pictureclaim in profile responseUserProfileButtonalready has avatar<img>rendering — just needs the URL propagatedgoogleusercontent.comfilter is the only blocker for Google avatarsGenerated with Claude Code