How to configure SSO with GitHub

I have temporal deployed via the official helm chart (version 0.51.0).

I’m trying to enable SSO via GitHub OAuth App on the web UI.

Here’s the relevant part of my values.yaml

web:
  ingress:
    enabled: true
    className: alb
    hosts:
      - temporal.MY-DOMAIN.click
    annotations:
      alb.ingress.kubernetes.io/backend-protocol: "HTTP"
      alb.ingress.kubernetes.io/group.name: MY-GROUP
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/ssl-redirect: "443"
      alb.ingress.kubernetes.io/target-type: ip
      external-dns.alpha.kubernetes.io/manage: "true"
  additionalEnv:
    - name: TEMPORAL_AUTH_ENABLED
      value: "true"
    - name: TEMPORAL_AUTH_PROVIDER_URL
      value: "https://github.com/login/oauth/authorize"
    - name: TEMPORAL_AUTH_CLIENT_ID
      value: "Ov23lDEADCODE8LHILl"
    - name: TEMPORAL_AUTH_CALLBACK_URL
      value: "https://temporal.MY-DOMAIN.click/auth/sso/callback"
  additionalEnvSecretName: temporal-auth-client-secret

I have the secret created and it holds this data:
{TEMPORAL_AUTH_CLIENT_SECRET: xxxxxxxxxxxxxxx}

But the moment I deploy the changes my web-ui fails and keeps giving me the 503 error.

When I check the logs I see the HTML for GitHub login landing page but the Web UI won’t render it and keeps spitting 503.

What am I missing here?