PR Provided: https://github.com/jenkinsci/scm-api-plugin/pull/79

Not sure if this is a bug, request for feature or just need for education but either way I am hoping you can help...

I was troubleshooting a plugin based on scm-api-plugin (bitbucket-branch-source-plugin) and discovered something odd. The plugin uses AvatarCache to manage "Org" images, but that was not working. Upon digging into it, I discovered that since our SCM requires authentication, the image URL requires authentication too. But as far as I can see, AvatarCache does not have any support for getting urls with authentication. So my questions are:

1. Am I seeing this correct? Or am I missing something?
2. Was this intentional or an oversight? I am guessing most SCM repos that are not OSS projects will require authentication, so how can this work for most SCMs?
3. Is the expectation for those plugins that use authenticated access to SCM to not use AvatarCache, but to implement it internally? Or is there another mechanism in scm-api-plugin?
4. Assuming the answer is that each plugin must implement its own avatar handling, are there recommended approaches/patterns for those of us not familiar with Jenkins internals?

Thank you so much