I just realized my issue. In order to compare the passwords, the first argument to checkpw()
is a str converted into bytes. The second argument is also a str converted into bytes, but checkpw()
must do something behind the scenes to remove the salt when it was generated.

    import bcrypt

    # Both arguments are bytes: the candidate password and the stored hash
    match = bcrypt.checkpw(
        password_to_check.encode("utf-8"),
        user.password_hash.encode("utf-8"),
    )
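
As an added example (not part of the original post): a bcrypt hash string carries its version, cost and salt alongside the digest, so a check can re-hash the candidate with those stored values and compare the result. `split_bcrypt_hash` and `check_password` are hypothetical helper names, and `SAMPLE` is a constructed placeholder, not a real hash.

```python
import hmac
import re

# Layout of a bcrypt hash string: $<version>$<cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    rb"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)


def split_bcrypt_hash(stored: bytes) -> dict:
    """Split a stored bcrypt hash into its fields; raise ValueError if malformed."""
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    return {
        "version": version.decode(),
        "cost": int(cost),
        "salt": salt.decode(),
        "digest": digest.decode(),
    }


def check_password(candidate: str, stored_hash: str) -> bool:
    """Re-hash the candidate with the salt and cost embedded in stored_hash."""
    import bcrypt  # imported here so split_bcrypt_hash works without the package

    stored = stored_hash.encode("utf-8")
    split_bcrypt_hash(stored)  # reject anything that is not a bcrypt hash
    # hashpw() accepts a full hash as its salt argument and reuses the
    # version, cost and salt it finds there.
    recomputed = bcrypt.hashpw(candidate.encode("utf-8"), stored)
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(recomputed, stored)


# Constructed placeholder with the right shape (not a real hash).
SAMPLE = b"$2b$12$" + b"S" * 22 + b"D" * 31

if __name__ == "__main__":
    import bcrypt

    print(split_bcrypt_hash(SAMPLE))
    # Constructed test password; rounds=4 keeps the demo fast.
    h = bcrypt.hashpw(b"correct horse", bcrypt.gensalt(rounds=4)).decode()
    print(check_password("correct horse", h), check_password("wrong", h))
```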