Google API Auth2 - C# .net Core

Question

I am connecting to google android managment API sucessfully and returning data as expected when ussing swagger. The example I followed is Google API Call .net core

The issue I am having is when I call my middle ware API from my front end I get a cors error:

Access to XMLHttpRequest at 'https://accounts.google.com/o/oauth2/v2/auth?CLINET_ID_REMOVED' (redirected from 'https://localhost:44347/api/Device/Get') from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Once I login by clicking the link the front end works as expected. How can I get the login to popup if the user is not yet logged in?

What am I missing in this implamentation? The example at Google.Apis.Auth.AspNetCore3.IntegrationTests is for MVC (which I am not using) and contains some generic login pages, do I need to implament that too?

StartUp.cs

 // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();

            // Add Cors
            services.AddCors();
            //services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
            //{
            //    builder.AllowAnyOrigin()
            //           .AllowAnyMethod()
            //           .AllowAnyHeader();
            //}));

            // This configures Google.Apis.Auth.AspNetCore3 for use in this app.
            services
                .AddAuthentication(o =>
                {
                    // This forces challenge results to be handled by Google OpenID Handler, so there's no
                    // need to add an AccountController that emits challenges for Login.
                    o.DefaultChallengeScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme;
                    // This forces forbid results to be handled by Google OpenID Handler, which checks if
                    // extra scopes are required and does automatic incremental auth.
                    o.DefaultForbidScheme = GoogleOpenIdConnectDefaults.AuthenticationScheme;
                    // Default scheme that will handle everything else.
                    // Once a user is authenticated, the OAuth2 token info is stored in cookies.
                    o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                })
                .AddCookie()
                .AddGoogleOpenIdConnect(options =>
                {
                    options.ClientId = authClientID;
                    options.ClientSecret = authClientSecret;
                });

            //services.AddDataProtection();

            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo { Title = "AndroidManagmentAPI", Version = "v1" });
            });
        }

Get Enterprise Method

// GET: api/<EnterpriseController>
        [HttpGet("Get")]
        [Authorize]
        [GoogleScopedAuthorize(AndroidManagementService.ScopeConstants.Androidmanagement)]
        public async Task<Enterprise> Get([FromServices] IGoogleAuthProvider auth)
        {
            SignupData signupData = JsonConvert.DeserializeObject<SignupData>(GetEnvirmentVarable(Utilities.SignupDetails));
            Enterprise enterprise = new Enterprise();
            enterprise.Name = signupData.EnterpriseName;

            var er = await GetEnterprisesResource(auth);
            var result = er.Get(enterprise.Name);
            var ent = result.Execute();

            return ent;
        }