Google Sign in 2FA verification redirecting to wrong place

Question

I am using Google Sign in to authenticate users in my mobile app, but Android users are having an issue.

The flow is:

• User presses sign in with Google.
• Using Expo (react native), we open a secure browser (WebBrowser.openAuthSessionAsync) that points to our authentication server, with a redirect-uri query param. Important to note that android uses ChromeCustomTabs.
• Our authentication server redirects the user to Google Authentication, and embeds the redirect-uri into the state property of OAuth.
• The user signs in by entering their credentials
• The user is prompted via 2FA to confirm that it is them (this happens in Gmail, or a native prompt)
• The user confirms that it is them
• Instead of being redirected back to the browser tab that is authenticating them, they are redirecting back to the app. The app then does nothing, if they click sign in again, then the browser gets opened and they end up in a loop.

What should happen (and does for most people):

• The user confirms that it is them
• They get redirected to the browser tab which then redirects to our server callback url
• Our server checks their data to see if we need to create them an account
• Create JWT and extract redirect-uri (and verify it is valid)
• Redirect (using deep linking) back to our App with tokens
• WebBrowser.openAuthSessionAsync detects deep link and sets authentication then closes

The problem happens only for a small subset of users, and I am at a loss for what part of the process is breaking down. We don't receive any errors from expo or on the server.

Does anyone have any ideas on what could be going wrong or how to configure where Gmail / System prompt redirects you to?

I am using the web browser, as we want the server to handle this flow and because we re-use this same system for our web app.

Thanks