From 7d706eba073fb14fda2311e3389afa9b3ea0cb3e Mon Sep 17 00:00:00 2001
From: whekin <stanislavkalishin@gmail.com>
Date: Tue, 17 Mar 2026 13:51:10 +0400
Subject: [PATCH] fix(bot): use HTTPS for OIDC audience to match Cloud
 Scheduler

---
 apps/bot/src/scheduler-auth.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/bot/src/scheduler-auth.ts b/apps/bot/src/scheduler-auth.ts
index e579cd6..55c5dcb 100644
--- a/apps/bot/src/scheduler-auth.ts
+++ b/apps/bot/src/scheduler-auth.ts
@@ -62,7 +62,10 @@ export function createSchedulerRequestAuthorizer(options: {
       }
 
       try {
-        const audience = oidcAudience ?? new URL(request.url).origin
+        const origin = new URL(request.url).origin
+        const audience =
+          oidcAudience ??
+          (origin.startsWith('http://') ? origin.replace('http://', 'https://') : origin)
         const ticket = await verifier.verifyIdToken({
           idToken: token,
           audience