Thank you for reaching out to us!
I believe you are definitely on the right track, the only immediate issue that I can see would be that the authorization parameters required for forwarding to the /authorize endpoint needs to be under this format : <a href="/auth/login?audience=urn:my-api">Login</a>
This is pulled from the migration guide and would replace the login route that you mentioned, under the format of ‘/api/login?’
Hope that helped!
Gerald