I believe you’ve set the authentication mechanism on the service you published via App1.
I’d rather use a call rest activity and configure all the expected parameters in the App2.
Why do you want to use a URL redirector though, is your use case different than how I understood?