Description
Expected Behavior
OidcBackChannelLogoutHandler should be able to logout user's session using http://localhost... host and protocol
Current Behavior
In Spring security config 6.2.1, The URL which is being used for the internal logout is taken out of incoming Request: https://github.com/spring-projects/spring-security/blob/6.2.1/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutHandler.java#L110
Context
I'm developing project in which we deploy Spring based related service on Kubernetes. We use HTTPS, however, It's being terminated on Istio ingress, so the traffic which reaches the POD with Spring service does not use HTTPS.
This causes that requestURL from the request is in shape of "https://service.domain.name/....
The only solution for me at the moment is to make a copy of OidcBackChannelLogoutHandler which will use "http://localhost:8080... convention (default port)