OIDC callback is always HTTPS, even when entered as HTTP #784

Closed
3 of 5 tasks
Forceu opened this issue Jan 17, 2024 · 1 comment
Labels
bug Something is not working.

Comments


Forceu commented Jan 17, 2024

Preflight checklist

Ory Network Project

No response

Describe the bug

I am not sure if this is related to this project or Authelia; therefore, I opened this issue here as well. The original issue can be found at authelia/authelia#6559.

I am testing a local application that has the callback set to http://127.0.0.1:53842/oauth-callback
Authelia, however, redirects the output after granting the login to httpS://127.0.0.1:53842/oauth-callback

According to the OIDC draft specs, http may be allowed:

redirect_uri
REQUIRED. Redirection URI to which the response will be sent. This URI MUST exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider, with the matching performed as described in Section 6.2.1 of [RFC3986] (Simple String Comparison). When using this flow, the Redirection URI SHOULD use the https scheme; however, it MAY use the http scheme, provided that the Client Type is confidential, as defined in Section 2.1 of OAuth 2.0, and provided the OP allows the use of http Redirection URIs in this case. The Redirection URI MAY use an alternate scheme, such as one that is intended to identify a callback into a native application.

This would be a problem for applications not running on a webserver, e.g. on the user's device.

Reproducing the bug

  • Create a client with an HTTP callback in Authelia
  • Get redirected to HTTPS

Relevant log output

No response

Relevant configuration

No response

Version

0.44.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker

Additional Context

No response
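
The redirect_uri rule quoted in the report, as an added example (not code from Authelia or the Ory project): a Go sketch that matches the requested URI by simple string comparison, permits http only for a confidential client when the OP allows it, and builds the callback without touching the registered scheme. The names CheckRedirectURI, BuildCallback, ErrNoMatch and ErrHTTPNotAllowed and the code/state values are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

var ( // hypothetical error values for this sketch
	ErrNoMatch        = errors.New("redirect_uri does not exactly match a registered value")
	ErrHTTPNotAllowed = errors.New("http redirect_uri not allowed for this client")
)

// CheckRedirectURI applies the quoted rule: exact string match first, then the scheme policy.
func CheckRedirectURI(registered []string, requested string, confidential, opAllowsHTTP bool) error {
	for _, r := range registered {
		if r != requested { // Simple String Comparison: "https://..." never matches "http://..."
			continue
		}
		u, err := url.Parse(requested)
		if err != nil {
			return err
		}
		if u.Scheme == "http" && !(confidential && opAllowsHTTP) {
			return ErrHTTPNotAllowed
		}
		return nil // https, permitted http, or an alternate (native app) scheme
	}
	return ErrNoMatch
}

// BuildCallback adds the response parameters and leaves scheme, host, port and path as registered.
func BuildCallback(redirectURI, code, state string) (string, error) {
	u, err := url.Parse(redirectURI)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("code", code)
	q.Set("state", state)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	reg := []string{"http://127.0.0.1:53842/oauth-callback"} // callback URL from the issue
	fmt.Println(CheckRedirectURI(reg, "https://127.0.0.1:53842/oauth-callback", true, true))
	fmt.Println(BuildCallback(reg[0], "constructed-code", "constructed-state"))
}
```
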


Forceu commented Jan 17, 2024

Not related to this project

Forceu closed this as completed Jan 17, 2024