I have a similar situation.
I am developing a captive portal which triggers the Captive Network Assistant, which in turn shows buttons for login. Google Login works on iPad, macOS and Android as well, all inside the CNA.
Only the iPhone is rejected, with the message 403 disallowed user agent.
What is even more strange is that the iPad has the same user agent as the iPhone: CaptiveNetworkSupport-491.100.3 wispr
I am aware that Google intends to block custom webviews (which is futile), but this is an official Apple browser that Google rejects.
Hence I suspect this is something different.
Microsoft OAuth works on all devices (CNA).