Set-Cookie header not forwarded by nginx to the client

Question

I have the following configuration

    Client(Browser) ---> Nginx ——————> Auth backend
                            |
                             ————————> Protected Backend

When the browser hits Nginx for Protected Backend, it is directed to the Identity Provider (Azure Active Directory). The IDP then provides an authorization code in response, which the browser subsequently sends to Nginx. Nginx forwards this to the Auth Backend, where it is exchanged for a token. The Auth Backend responds with an access token setting it in the Set-Cookie header. However, Nginx omits this header when sending the response back to the client. How should I tell Nginx not to omit this header?

Nginx conf

upstream auth_pool {
    least_conn;
    server localhost:7771;
    server localhost:7772;
}


server {
    listen 80;
    server_name _;
    resolver 10.0.0.6:8600;
    set $domain service.eastus-1.consul;

    error_page 401 = @error401;

    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 100M;

    proxy_hide_header 'Access-Control-Allow-Origin';
    proxy_hide_header 'Access-Control-Allow-Credentials';
    proxy_hide_header 'Cache-Control';
    proxy_hide_header 'Pragma';
    proxy_hide_header 'Expires';

    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
    add_header 'Cache-Control' 'no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0' always;
    add_header 'Pragma' 'no-cache' always;
    add_header 'Expires' '0' always;
    expires -1;
    proxy_no_cache 1;
    proxy_cache_bypass 1;
    if_modified_since off;

    types_hash_max_size 4096;

    location / {
       auth_request /auth_backend;
       auth_request_set $x_myorg_user $upstream_http_x_myorg_user;
       auth_request_set $backend_status "500";

       proxy_set_header Host $host;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_http_version 1.1;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Myorg-User $x_myorg_user;
       proxy_set_header Accept-Encoding gzip;
       proxy_redirect off;

       proxy_pass http://localhost:8080;
   }

   location /auth_backend {
       internal;
       proxy_set_header X-Myorg-Original-Uri $request_uri;
       proxy_set_header Content-Length 0;
       proxy_pass_request_body off;
       proxy_pass http://auth_pool;
   }

   location @error401 {
        return 302 https://login.microsoftonline.com/xxx-xxx/oauth2/v2.0/authorize?client_id=xxx-xxx&response_type=code&redirect_uri=http://localhost&scope=openid;      
   }