picture / ext_provider claim inconsistent
I use the claim ext_provider to determine who facilitated the login (Google, Facebook or Kinde). At times this value is blank.
The problem is the picture claim can be in different formats depending upon where it comes from. For example, from Facebook it is an entire JSON structure. Previously, in Auth0, the equivalent of a picture claim was always a URL that we know we could use. Now, I have to determine if the ext_provider is Facebook, because if it is, I need to parse the picture claim and pull out specifically the URL and leave all the extra metadata provided.
The problem with this comes about sometimes when I log in. On occasion there is no ext_provider value. I think this is when I've already authenticated previously on Kinde so when I attempt to log in, my request just goes right through.
Ultimately, I would like to know what auth provider facilitated that login (Google, Facebook, etc.). That may or may not be reasonable depending upon how that's implemented in Kinde. That said, the only thing I really care about right now is to have a reasonable way to retrieve the user's picture URL. The only way I see that being possible is if:
1) Kinde always provides an ext_provider value
2) Kinde parses the picture information from each integrated OAuth provider and normalizes this value so we can all use it in a consistent way
3) I have to explicitly look for {"data": {"url": "....", "width": 200, "height": 200, "is_silhouette": false}} in the picture claim to figure out if I need to parse it.
Right now I have some users that have broken profile images because their picture URL is {"data": {"url": "....", "width": 200, "height": 200, "is_silhouette": false}}.
Thoughts?
3 Replies
Thanks for pointing this out. I am checking with the team on how we can help you with this.
For ext_provider, we're just passing back what the provider passes to us in its entirety without any manipulation (in particular the claims object). You could potentially use the user info endpoint, i.e. GET /oauth2/v2/user_profile (other API endpoints also available), to return picture: string if it's available for that user.
We are also implementing a Gravatar fallback so once that's in, you shouldn't have a broken profile pic.
Would this option work for you?
@Andre @ Kinde, good to hear from you. I'm not quite sure if that would solve my problem. My issue isn't that I don't have a picture claim always available to me - I do, my issue is that depending upon the login provider (Google, Facebook, etc.) that value is sometimes a URL (GREAT!), which is very straightforward and easy to use, but sometimes it's JSON with a URL embedded in there.
Now, if I'm reading between the lines, are you saying that after you implement gravatar, Kinde is going to inspect that JSON content from Facebook, pull that URL out of the JSON and somehow store that to where I know I'll always get a URL and not JSON?
That's my current problem: JSON vs a URL. Ideally I want a URL 100% of the time. If I can't have that, then I need to at least be able to know if the content coming back is from Facebook so I know that I need to not only expect that it is JSON but also know the JSON structure so I can pull the correct property and get the URL from it.
I'm not sure how Gravatar will fix this, but perhaps I'm not understanding something.
@ryno1234, just to clarify, you are seeing the picture claim sometimes as a URL and sometimes as JSON because you are getting it from ext_provider, where we pass back everything the provider shares with us without filtering or changes.
So this is why we are suggesting this API option instead https://discord.com/channels/1070212618549219328/1248094123500769413/1248186152045772800
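The client-side parsing described in option 3 of the original post, as an added example that is not part of the thread and is not Kinde's code: it recognizes the Facebook-style JSON by its shape rather than by ext_provider (which the thread notes can be blank) and accepts only absolute https URLs, since the claim is provider-supplied input that ends up in an image source. The function names and the sample values are assumptions made for illustration.

```javascript
// Added example: normalize a `picture` claim that may be a plain URL or a
// Facebook-style JSON string of the form {"data": {"url": "..."}}.
// toHttpsUrl / normalizePictureClaim are hypothetical helpers, not Kinde API.

function toHttpsUrl(candidate) {
  // Treat the claim as untrusted: only absolute https URLs are returned,
  // so javascript:, data:, http: and relative values are rejected.
  if (typeof candidate !== "string") return null;
  try {
    const u = new URL(candidate.trim());
    return u.protocol === "https:" ? u.href : null;
  } catch {
    return null; // not a parseable absolute URL
  }
}

function normalizePictureClaim(picture) {
  if (picture == null || picture === "") return null;
  let value = picture;
  // The claim may arrive as a JSON string; an SDK could also pass an object.
  if (typeof value === "string" && value.trim().startsWith("{")) {
    try {
      value = JSON.parse(value);
    } catch {
      return null; // looks like JSON but is malformed
    }
  }
  if (typeof value === "object" && value !== null) {
    // Shape quoted in the thread: {"data": {"url": "...", "width": 200, ...}}
    const data = value.data;
    return data && typeof data === "object" ? toHttpsUrl(data.url) : null;
  }
  return toHttpsUrl(value);
}

// Constructed sample claim values (not real user data).
const samples = [
  "https://cdn.example.com/avatar.png",
  '{"data": {"url": "https://cdn.example.com/fb.jpg", "width": 200, "height": 200, "is_silhouette": false}}',
  '{"data": {"url": "javascript:alert(1)"}}',
  "",
];
for (const s of samples) console.log(normalizePictureClaim(s));
```

A null result is the signal to fall back to a default avatar instead of rendering the raw claim.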