How to check GoogleSignIn User has uploaded image or default image set by Google

Question

Google User getting below type default image when user does not have uploaded his image.

GIDGoogleUser has GIDProfileData object which has "hasImage" boolean variable. It is always returns true.

Is there is any way we are able to know User has uploaded his profile picture or it is default set by Google through "GoogleSignIn" components.

Answer 1

When you do a signin with google assuming that you requested one of the profile scopes (i think) You can make a request against the userinfo endpoint

GET /oauth2/v2/userinfo HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer ya29.GltcBnVqN8CQ5VpTe0qVSwYomBDGkAGtUSzvYBGti_mFKfemFjIPOE00HCOkfqMXpKVS6qUeMKgnzj2uPrxgvmBeeX4b0pDur3ttfGANCWceotLBMqFO4I47b9

This will return the public profile information that google has on the User.

HTTP/1.1 200 OK
Content-length: 313
X-xss-protection: 1; mode=block
Content-location: https://www.googleapis.com/oauth2/v2/userinfo
X-content-type-options: nosniff
Transfer-encoding: chunked
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Pragma: no-cache
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Thu, 22 Nov 2018 07:06:47 GMT
X-frame-options: SAMEORIGIN
Alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
Content-type: application/json; charset=UTF-8
{
  "picture": "https://lh5.googleusercontent.com/-a1CWlFnA5xE/AAAAAAAAAAI/AAAAAAAAl1I/UcwPajZOuN4/photo.jpg", 
  "name": "Linda Lawton", 
  "family_name": "Lawton", 
  "locale": "en", 
  "gender": "female", 
  "link": "https://plus.google.com/+LindaLawton", 
  "given_name": "Linda", 
  "id": "117200475532672775346"
}

As you can see it is returning my picture. This is the picture that i beleave i have uploaded to my Google+ account. As google is discontinuing Google+ i suspect these have all been exported over to the users Google account and there must be a way to upload a picture from their.

Now If I make a request against an account where i have not uploaded an image I get

HTTP/1.1 200 OK
Content-length: 326
X-xss-protection: 1; mode=block
Content-location: https://www.googleapis.com/oauth2/v2/userinfo
X-content-type-options: nosniff
Transfer-encoding: chunked
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Pragma: no-cache
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Thu, 22 Nov 2018 07:11:24 GMT
X-frame-options: SAMEORIGIN
Alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
Content-type: application/json; charset=UTF-8
{
  "picture": "https://lh5.googleusercontent.com/-GTTySn-WtmA/AAAAAAAAAAI/AAAAAAAAAAA/AGDgw-imFDZsZC-MaGnPIHPnh2Z95O-cSA/mo/photo.jpg", 
  "name": "Linda Lawton", 
  "family_name": "Lawton", 
  "locale": "da", 
  "link": "https://plus.google.com/108097091072786400385", 
  "given_name": "Linda", 
  "id": "108097091072786400385"
}

Which is

So even if the user has not personally uploaded an image Google creates a dummy one for them out of the first letter of their first or last name. There is no way for you to know if its a dummy image or an actual image unless you create some kind of image recognition system for detecting the dummy images.

Note: All of this was tested using oauthplayground data will be the same in IOs responses as well.

Answer 2

If he have not selected an image from withing your application. And there is an image that is being uploaded, then high chances are that it is an image provided by google. Just make sure to exempt place holder image when you are trying to upload.

As for checking if google returned image is a image that user uploaded or google default, I checked with different path for both type of image and see no identifier that can segregate 2 type of images.