• Maciej Stasieluk

I have a valid access token (from oauth login flow) and Contact PhotoUrl value (from a REST API call).

Is there a way to combine these two and construct an HTTP browser request that could actually allow me to fetch the image?

As per documentation, PhotoUrl returns a path to be combined with the URL of a Salesforce instance (which I also have) to generate a URL to request the profile image associated with the contact. The generated URL returns an HTTP redirect (code 302).

Everything works as long as the user is logged into Salesforce in the same browser session. But once the session is out, this generated URL returns a 401 error instead of a 302 redirect. Because I have a valid oauth access token (from some out of band way) I could pass it with the request to fetch the image.

I found some undocumented property of this PhotoUrl - if you append ?oauth_token=<valid access token> to it you will actually make the redirect and get final image url, e.g. something like https://yourInstance.salesforce.com/profilephoto/005/T

But the browser cannot fetch this image, because the session is still out. A simple https://yourInstance.salesforce.com/profilephoto/005/T?oauth_token=<valid access token> would do the trick, but all query params are getting stripped during the 302 redirect, and to my knowledge there is no way to get the value after the redirect from the browser.

Does anyone have any idea how the browser could fetch the actual image using the data I mention?
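
An added example, not part of the original post and not Salesforce's own code: a script-side fetch that sends the access token in an Authorization header instead of the query string (where it would end up in history, logs and Referer headers), follows the 302 itself, and hands the image to the page as a blob URL. It assumes the instance accepts a bearer header on the photo path and allows the calling origin through CORS, neither of which the post confirms; the function names and the sample path in the usage are hypothetical.

```javascript
// Added example. buildPhotoRequest and loadContactPhoto are hypothetical names.
// Assumption: the instance honours "Authorization: Bearer <token>" on the photo
// path and allows this origin via CORS. The post only confirms ?oauth_token=.

function buildPhotoRequest(instanceUrl, photoUrl, accessToken) {
  const url = new URL(photoUrl, instanceUrl);
  // Refuse a PhotoUrl that resolves to another origin, so the token is
  // never sent anywhere except the Salesforce instance.
  if (url.origin !== new URL(instanceUrl).origin) {
    throw new Error("PhotoUrl resolves outside the Salesforce instance");
  }
  // Keep the token out of the URL entirely.
  url.searchParams.delete("oauth_token");
  return {
    url: url.href,
    init: {
      headers: { Authorization: `Bearer ${accessToken}` },
      redirect: "follow",   // fetch follows the 302; the header is kept on a same-origin redirect
      credentials: "omit",  // do not depend on (or send) the browser session cookie
    },
  };
}

async function loadContactPhoto(instanceUrl, photoUrl, accessToken, fetchImpl = fetch) {
  const { url, init } = buildPhotoRequest(instanceUrl, photoUrl, accessToken);
  const res = await fetchImpl(url, init);
  if (!res.ok) {
    throw new Error(`photo request failed: HTTP ${res.status}`);
  }
  // A login page or error document instead of an image means the token was not accepted.
  const type = res.headers.get("content-type") || "";
  if (!type.startsWith("image/")) {
    throw new Error(`unexpected content type: ${type}`);
  }
  // The blob URL is local to this page and carries no token.
  return URL.createObjectURL(await res.blob());
}
```

Assign the returned string to the `<img>` element's `src`, and call `URL.revokeObjectURL` on it once the image has loaded.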