But after we switch to Identity provider, all these end points are expecting authorization headers and since we can not pass auth headers to iframes or window.open, This functionality is breaking.

A way to specify just specific headers that should be passed through and merged with other custom pre-defined headers The current behavior limits the use cases for pass-through endpoints.