Thank you for the additional details!
It seems like the V4 migration guide suggest to append the authorization parameters as opposed to using route handlers as you mentioned previously using and working. I was not able to find and confirm that the route handler are no longer an option or that the auth/login?audience format is now the only way this will work.
Could you try using route handlers in V4 and see if those are still supported and work? We don’t seem to have any reported issues with regards to this issues, which would indicate that one way or another it still works, either by passing the authorization parameters ( new way in V4 ) or the " older " way.
Let us know if route handlers are still managing this on your end.
Best regards,
Gerald