diff --git a/components/server/src/github/github-auth-provider.ts b/components/server/src/github/github-auth-provider.ts
index 03eaa82eb620d6..4475b21f3be37d 100644
--- a/components/server/src/github/github-auth-provider.ts
+++ b/components/server/src/github/github-auth-provider.ts
@@ -99,6 +99,13 @@ export class GitHubAuthProvider extends GenericAuthProvider {
 data: { id, login, avatar_url, name, company, created_at },
 headers,
 } = currentUser;
+ const publicAvatarURL = new URL(avatar_url);
+ if (publicAvatarURL.host === "private-avatars.githubusercontent.com") {
+ // github has recently been rolling out private JWT-signed avatar URLs which expire after a short time
+ // we need to use the public avatar URL instead so that the avatar is displayed correctly and fits into our database column (which is capped at 255 chars)
+ publicAvatarURL.host = "avatars.githubusercontent.com";
+ publicAvatarURL.searchParams.delete("jwt");
+ }
 // https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
 // e.g. X-OAuth-Scopes: repo, user
@@ -125,7 +132,7 @@ export class GitHubAuthProvider extends GenericAuthProvider {
 authUser: {
 authId: String(id),
 authName: login,
- avatarUrl: avatar_url,
+ avatarUrl: publicAvatarURL.toString(),
 name,
 primaryEmail: filterPrimaryEmail(userEmails),
 company,
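Review bot: `new URL(avatar_url)` in the first hunk is unguarded, so an empty or unparsable `avatar_url` in the GitHub response would throw and fail the whole sign-in over a cosmetic field. Parsing inside a try/catch and falling back to the value GitHub returned avoids that, and rewriting only when the host matches leaves every other avatar URL byte-identical instead of re-serialized by `toString()`; with the result held in a plain string, the second hunk's line becomes `avatarUrl,`. The exact `host` comparison and dropping the `jwt` parameter look right, since the signed token is then never persisted. Nothing visible here enforces the 255-character column limit mentioned in the comment for URLs from other hosts, so a length check before storing may still be worth adding. The enclosing method starts and ends outside both hunks.

```typescript
} = currentUser;
// GitHub's private avatar URLs carry a short-lived JWT; store the public form instead.
let avatarUrl = avatar_url;
try {
    const parsed = new URL(avatar_url);
    if (parsed.host === "private-avatars.githubusercontent.com") {
        parsed.host = "avatars.githubusercontent.com";
        parsed.searchParams.delete("jwt");
        avatarUrl = parsed.toString();
    }
} catch {
    // unparsable avatar_url: keep the value GitHub returned rather than failing sign-in
}
// … unchanged: OAuth scope header handling …
```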