Accessing Chatter user pics
Anyone doing Chatter development will want to display a user's Chatter profile picture (probably the thumbnail version) at some point. For example, if you're recreating a Chatter feed, you'll want to display the author's thumbnail pic next to the relevant post/comment, just like in the standard Chatter application.
Starting in Winter '11, you can access the URL for a user's Chatter profile picture via the 'FullPhotoUrl' and 'SmallPhotoUrl' fields on the User object. If you wanted to display either of these pictures from within the context of an existing Salesforce browser session (e.g. from a Visualforce page), then simply adding a link to either of those 2 URL's would do the trick. However, what if you wanted to display the user profile picture in an application/device where no Salesforce browser session exists. Say for example you're developing an Android/iOS application that needs to display a user's Chatter profile picture. Simply linking to the 'FullPhotoUrl' or 'SmallPhotoUrl' URL would not work – the standard Salesforce login page would get displayed. Chatter profile pictures are stored internally in Salesforce CRM Content and as you would expect, you need a valid user session in order to access any data stored in Content (i.e. it is not available publicly without user authentication).
Here's a neat solution to the above conundrum. Simply append a valid Salesforce session Id or OAuth access token to the 'FullPhotoUrl' or 'SmallPhotoUrl' URL as a query parameter – i.e. add '?oauth_token=<insert valid session id/OAuth token>' to the end of the 'FullPhotoUrl'/'SmallPhotoUrl' value. The next question is of course how to get a valid session id or OAuth access token. Depending on the use case, you can either use the SOAP API (the login call specifically) to acquire a valid session Id or implement the OAuth 2.0 protocol to acquire an access token.
Note that even if you use a session id, the name of the parameter remains 'oauth_token'. Note also that appending an OAuth token or session id to the end of the URL only works for Chatter user pics that are stored in CRM Content – you cannot access any other data stored in CRM Content this way.
Try it out and remember to upload a picture to your Chatter profile! You don't want to be the 'He-Who-Has-No-Picture' guy.