Identity Provider Profile Picture

Not sure if there is a more technical word for this, but do the identity providers support reading a response that includes a profile picture?

Looking to try and get the user's O365 profile picture to show up in the app when they are signed in.

This is not supported in a first-class way.

If you are designing a project to show the picture yourself, you could script an HTTP client call to O365 if they expose a web service to retrieve the user's picture?

Does the IDP respond with a token that is valid for that request from the Graph API?

Or would there need to be a separate app setup on the O365 side just for that?

You'll have to consult Microsoft's docs on that. Typically you can configure your OIDC IdP with appropriate scopes so that the access token returned to Ignition can be used to make an authorized call to other APIs on behalf of the end user... but it's really up to the IdP and API provider.

1 Like

According to the OIDC spec, picture is a standard claim on the ID token returned to Ignition from the IdP after authentication. The claim is a string with a description as follows:

URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.

If Microsoft's OIDC IdP is standards-compliant, you should see this claim in your test login result as a property under the idTokenClaims object. From Perspective, you can access this same property from session property auth.idpAttributes (see Session Properties - Ignition User Manual 8.1 - Ignition Documentation).

Check Microsoft docs - you might need to configure a special scope in order for them to set the picture property on the ID token claims returned to Ignition...

1 Like
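
An added example, not part of the thread and not Ignition or Microsoft code: a check to run on the `picture` claim from `idTokenClaims` before binding it to an image component, treating the URL as untrusted input and handling the case where the IdP omits the claim. It is plain Python 3 (in Ignition's Jython 2.7 the same `urlsplit` lives in the `urlparse` module); the function name, the allow-listed host and the sample claims are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts your IdP serves profile images from (placeholder value).
ALLOWED_PICTURE_HOSTS = frozenset({"idp.example.com"})


def check_picture_claim(id_token_claims, allowed_hosts=ALLOWED_PICTURE_HOSTS):
    """Return (url, reason); url is None unless the claim is safe to display."""
    value = id_token_claims.get("picture")
    if value is None:
        return None, "claim absent (IdP did not send it; check scopes)"
    if not isinstance(value, str) or not value:
        return None, "claim is not a non-empty string"
    if any(ch.isspace() or ord(ch) < 0x20 for ch in value):
        return None, "whitespace or control character in URL"
    try:
        parts = urlsplit(value)
        host, _port = parts.hostname, parts.port  # reading .port validates it
    except ValueError:
        return None, "unparseable URL"
    if parts.scheme != "https":
        return None, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        return None, "userinfo present in URL"
    if host is None or host not in allowed_hosts:
        return None, "host not in allow-list"
    return value, "ok"


# Constructed sample shaped like the idTokenClaims object of a test login.
SAMPLE_CLAIMS = {
    "sub": "constructed-subject-id",
    "name": "Example User",
    "picture": "https://idp.example.com/photos/example-user.png",
}

if __name__ == "__main__":
    print(check_picture_claim(SAMPLE_CLAIMS))
    print(check_picture_claim({"sub": "constructed-subject-id"}))
```

When the function returns `None`, show a placeholder avatar and log the reason rather than passing the raw claim value to the view.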