aspnetcore: [OIDC] - Failed to authenticate - Regression after upgrading to .NET 7
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
My application is a Blazor WebAssembly app that is hosted by an ASP.NET server.
I configured my app to get access token for my backend with:
```csharp
builder.Services.AddOidcAuthentication(options =>
{
    options.ProviderOptions.Authority = settings.Authority;
    options.ProviderOptions.MetadataUrl = settings.MetadataUrl.ToString();
    options.ProviderOptions.ClientId = settings.ClientId;
    options.ProviderOptions.ResponseType = "code";
    options.ProviderOptions.DefaultScopes.Add(settings.Scope);
});
builder.Services.AddApiAuthorization();
builder.Services.AddHttpClient("api", (sp, client) =>
{
    client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress);
    client.DefaultRequestHeaders.Add("X-Version", "1.0");
}).AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();
builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>().CreateClient("api"));
```
It is working fine with this authentication and authorization flow running in .NET 6.
But after upgrading to .NET 7, I observe that the app fails to authenticate the user. I receive the auth_code from the IDP and the client then requests the token as expected:

N.B.: If I disable the additional scope in the configuration, I can see that I have the ID_token, handled by the application, but it fails to get a token for requesting my backend (obviously).
Expected Behavior
My user should be authenticated, and the access token handled by the app (as for .NET 6).
Steps To Reproduce
Configure OIDC by adding an additional scope to the request and specifying the authorization code flow:
```csharp
options.ProviderOptions.ResponseType = "code";
options.ProviderOptions.DefaultScopes.Add(settings.Scope);
```
Exceptions (if any)
No response
.NET Version
7.0.100
Anything else?
No response
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 23 (14 by maintainers)
@kbeaugrand It’s a bit tricky, but you can find the file in the sources (AuthenticationService.js). Click the unminify button in Edge, and then search for completeSignIn or for completeSignIn-result inside the file.
@kbeaugrand thanks for the additional details.
Could you do it like this? https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebAssembly/testassets/Wasm.Authentication.Client/Program.cs#L15
This should do it, and you should be able to filter then