[Question] Why hardcoded HTTPS for some providers?

[asitanc]

Description

In the v2 release of Arctic, the Authentik provider has hardcoded the https:// protocol in the constructor:

arctic/src/providers/authentik.ts

Lines 20 to 23 in cd93e6d

	constructor(domain: string, clientId: string, clientSecret: string, redirectURI: string) {
	this.authorizationEndpoint = `https://${domain}/application/o/authorize/`;
	this.tokenEndpoint = `https://${domain}/application/o/token/`;
	this.tokenRevocationEndpoint = `https://${domain}/application/o/revoke`;

This implementation causes two main issues:

• It restricts users to only use HTTPS
• It complicates local development environments where HTTP might be preferred.

Question

• What was the rationale behind introducing this change?
• Why does the Authentik provider use a hardcoded HTTPS protocol, while other providers (e.g., Keycloak, which is a selfhosted alternative) don't have this restriction?

Please, consider making the protocol configurable, allowing users to specify either HTTP or HTTPS based on their requirements.

[pilcrowonpaper]

This was done for consistency sake, but honestly better if we update all domain parameters to baseURL

[pilcrowonpaper]

Unfortunately this will be a breaking change so it has to be part of v3

[pilcrowonpaper]

Related to #190