avatar image cache invalidation error
⛓️💥 APIs | ❌ Unsolved | 🪲 Bugs
I am running a self-hosted instance of zitadel on version v4.10.1.
I have a token from zitadel in my app using OIDC auth. I added the scopes
'urn:zitadel:iam:org:project:id:zitadel:aud' and 'urn:zitadel:iam:org:project:id:MY_PROJECT_ID:aud'
With the token I can access the API to change my avatar using:
curl 'https://login.reyondx.com/assets/v1/users/me/avatar' \
-X POST \
-H 'Accept: application/json, text/plain, */*' \
-H 'Authorization: Bearer **HIDDEN**' \
-F 'file=@sample_pic.jpg'
There is no error, and if I GET my avatar from the API with that token:
curl "https://login.reyondx.com/assets/v1/users/me/avatar" \
-H 'Authorization: Bearer **HIDDEN**GRpHV' --output sample_pic_zitadel.jpg
I get the newly set image back.
Sounds good. But now comes the cache invalidation error I found:
When I log in to my zitadel instance with that user, the old avatar is still shown. When I use the profile avatar URL link and load it via wget to circumvent my browser cache, changing the ?v= parameter, I always get the old avatar.
Now the kicker: when I grab the bearer token from my zitadel web instance, from the same user as in my app, and use that token for changing the avatar via the same curl as before, then everything works. The zitadel page shows the new avatar and the avatar URL also shows the new image.
My guess:
- The token from the zitadel web instance triggers a cache invalidation on changing the avatar, but a token obtained via OIDC does not.
Am I doing something wrong? Or is it really a bug?
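An added example, not part of the original post and not Zitadel code: one way to test the guess above is to decode both access tokens and compare their audience, scope and client claims. It assumes both tokens are JWTs (an opaque token has no readable payload) and that scopes appear in a `scope` claim; the sample tokens, ids and the helper names are constructed for illustration.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: an opaque token cannot be decoded locally")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def as_set(value) -> set:
    """Normalise aud (string or list) and scope (space-separated string) to a set."""
    if value is None:
        return set()
    return set(value.split()) if isinstance(value, str) else set(value)


def diff_tokens(app_token, console_token, claims=("aud", "scope", "client_id", "azp")):
    """Return, per claim, the values present in only one of the two tokens."""
    a, b = jwt_claims(app_token), jwt_claims(console_token)
    if a.get("sub") != b.get("sub"):
        raise ValueError("tokens belong to different users")
    report = {}
    for claim in claims:
        left, right = as_set(a.get(claim)), as_set(b.get(claim))
        if left != right:
            report[claim] = {"only_app": sorted(left - right),
                             "only_console": sorted(right - left)}
    return report


def _make(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample tokens: ids and claim values are placeholders, not real Zitadel output.
APP = _make({"sub": "user-1", "aud": ["app-client", "MY_PROJECT_ID"],
             "scope": "openid urn:zitadel:iam:org:project:id:zitadel:aud"})
CONSOLE = _make({"sub": "user-1", "aud": ["console-client"], "scope": "openid profile"})

if __name__ == "__main__":
    print(json.dumps(diff_tokens(APP, CONSOLE), indent=2))
```

Paste the two real tokens in place of `APP` and `CONSOLE` on a trusted machine only, since the decoded payloads and the tokens themselves are credentials.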
