Freshdesk Oauth SSO: CORS Error on Accessing Freshdesk Redirect URI?

I'm setting up OAuth SSO for Freshdesk. I want the user of my app to be able to login to my Freshdesk support site, without having to create a new username/password.

So far the following steps work:

• My site user clicks a "Support" menu item
• The Freshdesk SSO login page comes up
• My user clicks "client login" there
• Freshdesk hits my Authorization URL with a GET request which my app handles correctly
• Freshdesk hits my same Authorization URL an OPTIONS request which I don't do anything with (other than calling next())
• Freshdesk hits my same Authorization URL with a POST request containing a redirect_uri

This is when I get into trouble. My server needs to send some info to the redirect_uri provided by Freshdesk, and I get a CORS error.

Here's my server code:

    const clientId = req.body.client_id;
    const code = Random.secret();

    const q = new URLSearchParams({
        code: code,
        user: user._id,
        state: req.body.state
    })

    const finalRedirectUri = `${req.body.redirect_uri}?${q}`
    console.info(finalRedirectUri)
    const headers = {
        'Access-Control-Allow-Origin': '*'
    }
    res.writeHead(302, { headers, Location: finalRedirectUri})
    res.end()

Here's the error message:

How do I fix this?

I think there was a bug on the Freshdesk side in the setup for my account. Theory: when I first created my Freshdesk account, I used the default URLs. Later I asked to change them to reflect my app name and Freshdesk made changes. It may be possible that they missed updating some configs at that time.

I've moved on to a different Help Desk that is more suitable for my app.