SSL Offloading - OpenIddict: "This server only accepts HTTPS requests." #5379

ABP Framework version: v7.3.0-rc.1

UI type: MVC

DB provider: EF Core / Azure SQL Database

Tiered (MVC) or Identity Server Separated (Angular): yes

Exception message and stack trace:

2023-07-08 21:40:47.915 +00:00 [INF] Request starting HTTP/1.1 GET http://auth-staging.mysite.com/.well-known/openid-configuration - -
2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri.
2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveRequestUri.
2023-07-08 21:40:47.916 +00:00 [INF] The request URI matched a server endpoint: "Configuration".
2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType.
2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType.
2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement.
2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was marked as rejected by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement.
2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachErrorParameters.
2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachCustomErrorParameters.
2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyConfigurationResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachHttpResponseCode1[[OpenIddict.Server.OpenIddictServerEvents+ApplyConfigurationResponseContext, OpenIddict.Server, Version=4.4.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]]. 2023-07-08 21:40:47.916 +00:00 [DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyConfigurationResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachWwwAuthenticateHeader1[[OpenIddict.Server.OpenIddictServerEvents+ApplyConfigurationResponseContext, OpenIddict.Server, Version=4.4.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
2023-07-08 21:40:47.916 +00:00 [INF] The response was successfully returned as a JSON document: {
"error": "invalid_request",
"error_description": "This server only accepts HTTPS requests.",
"error_uri": "https://documentation.openiddict.com/errors/ID2083"
}.

Steps to reproduce the issue:

Site is deployed in Azure with Application Gateway handling HTTPS on front end (SSL offloading) and HTTP on back end.

3 Tiers - Auth, API, and Web - all running in Azure App Service Plan - as separate web apps

AuthServer:RequireHttpsMetadata is set to false

The SSL offloading is working on all 3 tiers, except it fails with above exception when I try to login