From a06c98c3db5ab81900f1bd5ab5c88d37e64a6d7b Mon Sep 17 00:00:00 2001
From: mod242 <40213799+mod242@users.noreply.github.com>
Date: Fri, 23 Jan 2026 11:16:54 +0100
Subject: [PATCH] Make Picture Claim configureable

---
 server/modules/authentication/oidc/authentication.js | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/server/modules/authentication/oidc/authentication.js b/server/modules/authentication/oidc/authentication.js
index f010e6b8..bfda8c2f 100644
--- a/server/modules/authentication/oidc/authentication.js
+++ b/server/modules/authentication/oidc/authentication.js
@@ -24,10 +24,7 @@ module.exports = {
         acrValues: conf.acrValues
       }, async (req, iss, uiProfile, idProfile, context, idToken, accessToken, refreshToken, params, cb) => {
         const profile = Object.assign({}, idProfile, uiProfile)
-        const picture = _.get(profile, 'picture',
-          _.get(profile, '_json.picture',
-            _.get(profile, '_json.avatar',
-              _.get(profile, '_json.profile.picture', _.get(profile, '_json.profile.avatar', '')))))
+        const picture = _.get(profile, '_json.' + conf.pictureClaim, '')
 
         try {
           const user = await WIKI.models.users.processProfile({
@@ -36,7 +33,7 @@ module.exports = {
               ...profile,
               email: _.get(profile, '_json.' + conf.emailClaim),
               displayName: _.get(profile, '_json.' + conf.displayNameClaim, ''),
-              picture
+              picture: picture
             }
           })
           if (conf.mapGroups) {