I'm trying to protect a proxied site using an oauth2 enpoint, using the following config:

location / {
...
auth_request /_oauth2_token_introspection;
...
}
location /_oauth2_token_introspection {
internal;
proxy_pass https://site/oauth2/auth...;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
...
}

My problem is that while auth_request can only handle 2xx and 4xx responses, my oauth2 endpoint returns with a 303 response for an unauthorized request. So naturally, I added the following to the second block:

error_page 303 =401 /some_redirect_page;

But unfortunately nginx still returns internal server error, logging that the auth_request returned an unexpected response code. Commenting out the internal directive, and testing the second endpoint directly shows that indeed, the status code doesn't get overridden.

What may cause this, and how could it be fixed?