use request host value instead of auth domain when proxying

[quanyangsc]

This modifies how the target URL for proxying auth requests is instantiated, instead of using auth.auth_domain, it uses request.host which achieves the same behavior, but is more robust in the sense that it'd allow setups that are behind some kind of beyond corp/zero trust proxy more easily.