Hi rocket.chat community!
We have a custom rocket.chat 7.5.0 installation running behind an nginx proxy. Everything has been running smoothly for years, but we cannot log in with Entra ID OAuth on the iOS app. Logging in with UN/PW works in the app, as does OAuth login in any browser (including Safari on iOS). When logging in with OAuth on the iOS app, a blank screen appears.
Similar issues have been found at
- https://handbook.rocket.chat/space/Handbook/75595836/Login+with+custom+oAuth+(+keycloak)+shows+blank+screen
- Blank screen when trying to login w/ OAuth provider · Issue #2883 · RocketChat/Rocket.Chat.ReactNative · GitHub
- various forum entries
However, we still have the issue. Changing the login style to any of the available options does not resolve the issue.
Some hard facts:
- self-hosted rocket.chat server 7.5.0 SNAP installation on Ubuntu with caddy disabled
- rocket.chat app 4.59.0
- nginx reverse-proxy with the following config:
```nginx
upstream backend {
    server <rocket.chat IP>:3000;
}

server {
    # SSL configuration
    #
    #listen 80;
    listen 443 ssl;
    ssl_certificate <path>;     # managed by Certbot
    ssl_certificate_key <path>; # managed by Certbot
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ecdh_curve X25519:prime256v1:secp384r1;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # see also ssl_session_ticket_key alternative to stateful session cache
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
    ssl_dhparam "/etc/ssl/dhparams.pem";

    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

    server_name rocketchat.<domain>;

    # You can increase the limit if you need to.
    client_max_body_size 200M;

    location / {
        # WebSocket upgrade headers (canonical name is "Upgrade")
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Original host and client address for the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://backend;

        # Tell the backend the client connection is TLS
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}
```
Any help would be appreciated!
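Because the symptom only appears on a redirect-heavy flow (OAuth) behind a reverse proxy, the first thing worth checking is that the proxy really forwards the headers the backend uses to build its redirect URLs. Below is an added example (not Rocket.Chat or nginx code) that lints the `location /` block of an nginx config for the `proxy_set_header` directives a proxied Rocket.Chat needs and flags near-miss header names. The `REQUIRED` table is this script's assumption about what the backend expects (WebSocket upgrade, `Host`, `X-Forwarded-For`, `X-Forwarded-Proto`), and `SAMPLE_CONF` is a trimmed copy of the config from the post with placeholder values.

```python
"""Constructed example (not Rocket.Chat or nginx code): lint the
`location /` block of an nginx reverse-proxy config for the proxy_set_header
directives a proxied backend needs, and flag misspelled header names.
REQUIRED is this script's own assumption about what the backend expects."""
import difflib
import re

# Header name (lowercased) -> acceptable values. Values are compared with
# surrounding double quotes stripped, so `"upgrade"` and `upgrade` both pass.
REQUIRED = {
    "host": {"$host", "$http_host"},
    "x-forwarded-for": {"$proxy_add_x_forwarded_for"},
    "x-forwarded-proto": {"https", "$scheme"},  # must not say "http" behind TLS
    "upgrade": {"$http_upgrade"},
    "connection": {"upgrade", "$connection_upgrade"},
}

_DIRECTIVE = re.compile(r"\s*proxy_set_header\s+(\S+)\s+(.+?)\s*;")


def location_block(conf: str, path: str = "/") -> str:
    """Return the brace-balanced body of `location <path> { ... }`, or ''."""
    m = re.search(r"location\s+" + re.escape(path) + r"\s*\{", conf)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(conf)):
        if conf[i] == "{":
            depth += 1
        elif conf[i] == "}":
            depth -= 1
            if depth == 0:
                return conf[start:i]
    return conf[start:]  # unbalanced braces: return what we have


def proxy_headers(block: str) -> dict:
    """Map lowercased header name -> raw value for every proxy_set_header
    directive in the block, ignoring anything after a '#' comment marker."""
    headers = {}
    for line in block.splitlines():
        m = _DIRECTIVE.match(line.split("#", 1)[0])
        if m:
            headers[m.group(1).lower()] = m.group(2)
    return headers


def lint(conf: str) -> list:
    """Return human-readable findings; an empty list means the block is clean."""
    block = location_block(conf)
    if not block:
        return ["no `location / {}` block found"]
    hdrs = proxy_headers(block)
    findings = []
    for name, ok in REQUIRED.items():
        if name not in hdrs:
            findings.append(f"missing proxy_set_header {name}")
        elif hdrs[name].strip('"') not in ok:
            findings.append(
                f"{name} set to {hdrs[name]!r}; expected one of {sorted(ok)}")
    # A header that is *almost* a required name (e.g. X-Forward-Proto) is
    # silently ignored by the backend, so call it out separately.
    for name in hdrs:
        if name in REQUIRED:
            continue
        close = difflib.get_close_matches(name, list(REQUIRED), n=1, cutoff=0.8)
        if close:
            findings.append(
                f"suspicious header {name!r} (did you mean {close[0]!r}?)")
    return findings


# Trimmed copy of the config from the post; IP and domain are placeholders.
SAMPLE_CONF = """\
upstream backend {
    server 10.0.0.5:3000;   # placeholder for <rocket.chat IP>
}
server {
    listen 443 ssl;
    server_name rocketchat.example.com;   # placeholder for <domain>
    location / {
        proxy_http_version 1.1;
        proxy_set_header UPGRADE $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://backend;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF) or ["no findings"]:
        print("-", finding)
```

Run against the posted config the only finding is the misspelled `X-Forward-Proto` line; the remaining headers (including `UPGRADE`, which nginx treats case-insensitively) pass. Paste your live `nginx.conf` into `lint()` after any change to the proxy block, since a wrong `X-Forwarded-Proto` value makes the backend generate `http://` redirect URLs that a TLS-only client will refuse to follow.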