Here was the response from one of our engineers:
This redirect URL is generated by the Microsoft.AspNetCore.Authentication.OpenIdConnect library used in .NET apps. Usually you’d want to have the redirect URL in the same domain as the app.
However, if the problem is that the app is not aware of the domain because the request come through a load balancer etc, they may need to use the x-forwarded-for headers nginx - AspNetCore Azure AD Connect Callback URL is http, not https - Stack Overflow