The problem here is you are trying to be be specific about something that is custom.
You both undoubtedly have different systems and it is impossible to be specific at the level that you want.
There are a number of issues open on avatars, but not specifically related.
I have been keeping a watch to see if any are similar.
As ever all the code is here - it is all Javascript - or now mainly Typescript - built using the Meteor framework:
The easiest way to setup and test is with gitpod:
In the meantime I am going to try and ask someone who uses a known - as opposed to Custom - Oauth to see if they can give some guidance.
Please note - do you have 2FA running? I believe that can give some unexpected results.
Also - have a search here for clues:
oauth “no matching login attempt found”
Having had a read myself I’m pretty certain this is to do with 2FA and Verified accounts. I will try and find out more.
In the meantime please check your settings for Admin/Accounts - Registration & 2FA