diff --git a/internal/auth/oidc.go b/internal/auth/oidc.go
index c1068a59..0c750eb2 100644
--- a/internal/auth/oidc.go
+++ b/internal/auth/oidc.go
@@ -139,6 +139,10 @@ func (auth *OIDCProvider) getIdToken(ctx context.Context, oauthToken *oauth2.Tok
 }
 
 func (auth *OIDCProvider) HandleAuth(w http.ResponseWriter, r *http.Request) {
+	if r.TLS == nil && r.Header.Get("X-Forwarded-Proto") != "https" {
+		http.Redirect(w, r, "https://"+requestHost(r)+OIDCAuthInitPath, http.StatusFound)
+		return
+	}
 	switch r.URL.Path {
 	case OIDCAuthInitPath:
 		auth.LoginHandler(w, r)