For anyone looking for a solution for a similar situation. I didn't find a perfect solution for my problem, I had to change how redirect url endpoint is working, previously it was directly redirecting the request to the Identity provider service and I changed that to simple return a 200 and redirect url as string, which frontend sets in an anchor in href. After that it doesn't run into CORS issue as the browser doesn't check it.