The OneLogin OpenID Connect Scopes Documentation for the profile scope shows that there is a picture available but with this disclaimer:
Note, these claims are returned if OneLogin has the information available.
In testing, I never get picture back when testing with a user that has a profile photo set. What I get has these attributes only:
{
"id_token": "",
"token_type": "Bearer",
"scope": "openid profile",
"profile": {
"sub": "",
"email": "",
"preferred_username": "",
"name": "",
"updated_at": 1614904145,
"given_name": "",
"family_name": "",
"sid": ""
},
"expires_at": 1615761073
}
Any tips on how to get the additional fields from OneLogin would be appreciated. Thx!
I reached out to OneLogin's dev support and I got a response in a few hours. I have verified that this works, here it is:
You should add a parameter to your OIDC app and map it to the field "Profile Picture" and then include the params scope in your ODIC call. (fro more details on scopes see https://developers.onelogin.com/openid-connect/scopes)
Note - what you get back is the URL of an image and it is not a binary blob of the actual photo.