[server] fix private GitHub avatars (#20461)

* [server] fix private GitHub avatars * Improve comment and don't delete all search params
gitpod-io · Dec 17, 2024 · da1d931 · da1d931
1 parent 3e570ae
commit da1d931
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/components/server/src/github/github-auth-provider.ts b/components/server/src/github/github-auth-provider.ts
@@ -99,6 +99,13 @@ export class GitHubAuthProvider extends GenericAuthProvider {
                 data: { id, login, avatar_url, name, company, created_at },
                 headers,
             } = currentUser;
+            const publicAvatarURL = new URL(avatar_url);
+            if (publicAvatarURL.host === "private-avatars.githubusercontent.com") {
+                // github has recently been rolling out private JWT-signed avatar URLs which expire after a short time
+                // we need to use the public avatar URL instead so that the avatar is displayed correctly and fits into our database column (which is capped at 255 chars)
+                publicAvatarURL.host = "avatars.githubusercontent.com";
+                publicAvatarURL.searchParams.delete("jwt");
+            }
 
             // https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
             // e.g. X-OAuth-Scopes: repo, user
@@ -125,7 +132,7 @@ export class GitHubAuthProvider extends GenericAuthProvider {
                 authUser: {
                     authId: String(id),
                     authName: login,
-                    avatarUrl: avatar_url,
+                    avatarUrl: publicAvatarURL.toString(),
                     name,
                     primaryEmail: filterPrimaryEmail(userEmails),
                     company,