Authgear Images server provides images storing and resizing for user profile attributes.
The GET endpoint obtains the images from the object store, performs resizing, and serves the image directly.
The GET endpoint is publicly accessible.
GET /_images/APP_ID/OBJECT_ID/OPTIONS HTTP/1.1
APP_ID
: The authgear app idOBJECT_ID
: The file object idOPTIONS
: Following options are supported.- Pre-configured resizing option.
profile
: The Authgear Images will transform the image to width 240px, height 240px, center crop. Essential EXIF data (e.g. orientation) will be processed and disabled.
- Original image:
original
- Pre-configured resizing option.
The upload endpoint stores the image to the object store and creates records in the database for future reference.
The upload endpoint is a signed URL generated by the Authgear main server and admin server to upload the user profile image.
POST /_images/APP_ID/OBJECT_ID?metadata=METADATA&signature=SIGNATURE HTTP/1.1
Content-Type: multipart/form-data
THE FORM DATA WITH FILE
---
HTTP/1.1 200 OK
Content-Type: application/json
{
"result": {
"upload_url": "authgearimages:///APP_ID/OBJECT_ID"
}
}
APP_ID
: The authgear app idOBJECT_ID
: The file object idMETADATA
: The metadata is an opaque string generated by the Authgear main server and admin server. The metadata is in the format of Base64URL(JSON).SIGNATURE
: The URL signature.
MinIO is used as the object store.
When the user uploads the profile image from the Auth UI.
- The Auth UI frontend sends a request to the main server and obtains the pre-signed upload URL.
- The Auth UI frontend uploads the image to the pre-signed upload URL and obtains the URL.
- The Auth UI frontend sets the URL to the user profile attributes.
The endpoint is rate-limited per user.
The signed URL should have user id in the metadata parameter.
POST /api/images/upload HTTP/1.1
---
HTTP/1.1 200 OK
Content-Type: application/json
{
"result": {
"upload_url": "SIGNED_URL"
}
}
The Admin API will also be used by the portal for updating user profile images.
The user profile image uploading flow:
- Call the API to obtain the pre-signed upload URL.
- Upload the image to the pre-signed upload URL and obtain the URL.
- Set the URL to the user profile attributes through admin GraphQL API.
The signed URL should have user id in the metadata parameter.
POST /_api/admin/images/upload HTTP/1.1
Content-Type: application/json
{ "user_id": "USER_ID" }
---
HTTP/1.1 200 OK
Content-Type: application/json
{
"result": {
"upload_url": "SIGNED_URL"
}
}
On update, standard_attributes.profile
accepts URL https://...
and authgearimages:///APP_ID/OBJECT_ID
.
On output, standard_attributes.profile
outputs HTTPS URL. For authgear images, the URL will become the GET URL of the Authgear Images with profile
resizing option. e.g. https://app1.authgearapps.com/_images/app1/OBJECT_ID/profile
.
For supporting CDN, env IMAGES_HOST
is supported. When it is configured, it changes the host of the output URL. e.g. https://cdn.authgearappsimages.com/_images/app1/OBJECT_ID/profile
.'
CREATE TABLE _images_file
(
id text PRIMARY KEY,
app_id text NOT NULL,
object_id text NOT NULL,
size int NOT NULL,
metadata jsonb NOT NULL,
created_at timestamp without time zone NOT NULL,
);