I'm implementing Google OAuth 2.0 with PKCE for a web application. The OAuth request generation works perfectly and users can select their Google account, but Google's internal consent screen processing consistently fails with 400/405 errors on their endpoints.
What I tried: I verified my OAuth client configuration matches Google Cloud Console settings exactly. I tested both "Testing" and "In Production" publishing modes. I confirmed my PKCE implementation generates valid base64url-encoded code challenges. I verified domain ownership through Google Search Console. The OAuth URL generation works correctly:
https://accounts.google.com/o/oauth2/v2/auth?client_id=883635137330-78l4pfp088425ff0animo41m06idocnq.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fwww.ye-ye.app%2Fapi%2Fauth%2Fgoogle%2Fcallback&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.send+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&response_type=code&state=tbw26VZV2_lbqvzZ2uXPzOxAU2B_ajhJ9S--9Tq3ZfE&code_challenge=xNjVLQy7YFtPtYZ6I8LqU9_rFZtVeX5lLmO422W_ZGw&code_challenge_method=S256&access_type=offline&prompt=consent
What I expected: Users should complete the OAuth consent flow normally and be redirected back to my application with an authorization code.
What actually happened: The OAuth flow starts correctly and users can select their Google account, but during consent screen processing, Google's internal endpoints return errors. Network traces show these failures:
POST https://accounts.google.com/_/signin/oauth
Response: 400 - [[["er",null,null,null,null,400,null,null,null,3,[{"48448350":["xsrf","AFoagUUtfgdhmlX0SdJudYDBdzcyfWvYWQ:1755873686127"]}]],["e",2,null,null,256]]]
POST https://accounts.google.com/_/OAuthUi/data/batchexecute
Response: 405 - [[["er",null,null,null,null,405,null,null,null,9],["di",20],["af.httprm",19,"-7254146116102288166",8]]
POST https://accounts.google.com/signin/oauth/consent/approval
Response: 400 - [[["er",null,null,null,null,400,null,null,null,3,[{"48448350":["xsrf","AFoagUUm1QJIgyeLDuYy6RHn1rHy9qgwiA:1755873810939"]}]],["e",2,null,null,256]]]
Users get stuck at the "Access blocked: authorization error" screen. The same failure pattern occurs consistently across different browsers and has persisted for weeks.
Minimal reproducible example:
# Python FastAPI OAuth service
import base64
import hashlib
import secrets
from urllib.parse import urlencode


class GoogleOAuthService:
    def __init__(self, client_id: str):
        self.client_id = client_id

    def get_authorization_url(self, state: str) -> tuple[str, str]:
        # PKCE code_verifier: 32 random bytes, base64url-encoded with padding stripped (43 chars)
        code_verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).decode('utf-8').rstrip('=')
        # S256 code_challenge: base64url(SHA-256(code_verifier)), again without padding
        code_challenge = base64.urlsafe_b64encode(
            hashlib.sha256(code_verifier.encode('utf-8')).digest()
        ).decode('utf-8').rstrip('=')
        params = {
            'client_id': self.client_id,
            'redirect_uri': 'https://www.ye-ye.app/api/auth/google/callback',
            'scope': 'https://www.googleapis.com/auth/gmail.readonly https://www.googleapis.com/auth/gmail.send https://www.googleapis.com/auth/userinfo.email',
            'response_type': 'code',
            'state': state,
            'code_challenge': code_challenge,
            'code_challenge_method': 'S256',
            'access_type': 'offline',
            'prompt': 'consent'
        }
        auth_url = f"https://accounts.google.com/o/oauth2/v2/auth?{urlencode(params)}"
        # The caller stores code_verifier (keyed by state) for the later token exchange
        return auth_url, code_verifier
My OAuth client configuration: Web application type, authorized JavaScript origins include both https://www.ye-ye.app and https://ye-ye.app, authorized redirect URI is exactly https://www.ye-ye.app/api/auth/google/callback, publishing status is "In production", and domain is verified in Google Search Console.
The OAuth request generation and initial redirection work correctly, but Google's consent screen processing fails on their internal endpoints. Is this a known issue with Google's OAuth infrastructure, or am I missing something in my configuration?
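A worked example, added here and not part of the question's own code: it builds a PKCE pair the same way the question does, validates the code_verifier against the RFC 7636 constraints (43 to 128 unreserved characters), re-derives the S256 challenge the way a token endpoint does, checks the RFC 7636 Appendix B test vector, parses the authorization URL back to confirm each parameter the consent flow depends on, and adds the callback-side state comparison that the question's snippet stops short of. The client id, redirect URI, and the function names (make_pkce_pair, check_auth_url, callback_state_ok) are constructed placeholders, not the question's real values.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
# Constructed placeholders, not the question's real client id or domain
CLIENT_ID = "000000000000-example.apps.googleusercontent.com"
REDIRECT_URI = "https://example.com/api/auth/google/callback"
SCOPES = [
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/userinfo.email",
]
# RFC 7636 section 4.1: the unreserved characters a code_verifier may contain
VERIFIER_CHARS = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)


def b64url_no_pad(raw: bytes) -> str:
    """base64url encoding with the '=' padding removed, as PKCE requires."""
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url_no_pad(hashlib.sha256(code_verifier.encode("ascii")).digest())


def make_pkce_pair(n_bytes: int = 32) -> tuple[str, str]:
    """Fresh (code_verifier, code_challenge); 32 random bytes give a 43-char verifier."""
    code_verifier = b64url_no_pad(secrets.token_bytes(n_bytes))
    return code_verifier, s256_challenge(code_verifier)


def verifier_is_valid(code_verifier: str) -> bool:
    """Length 43..128 and only unreserved characters, per RFC 7636."""
    return 43 <= len(code_verifier) <= 128 and all(c in VERIFIER_CHARS for c in code_verifier)


def challenge_matches(code_verifier: str, code_challenge: str) -> bool:
    """What the token endpoint checks: recompute S256 and compare in constant time."""
    return hmac.compare_digest(s256_challenge(code_verifier), code_challenge)


def build_auth_url(state: str, code_challenge: str) -> str:
    """Same parameter set as the question's get_authorization_url."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "response_type": "code",
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "access_type": "offline",
        "prompt": "consent",
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"


def check_auth_url(url: str, expected_state: str) -> dict[str, bool]:
    """Parse the URL back and confirm each parameter the consent flow depends on."""
    parsed = urlparse(url)
    query = parse_qs(parsed.query)

    def first(key: str) -> str:
        return query.get(key, [""])[0]

    challenge = first("code_challenge")
    return {
        "endpoint": parsed.scheme == "https"
        and parsed.netloc == "accounts.google.com"
        and parsed.path == "/o/oauth2/v2/auth",
        # redirect_uri must match the console entry byte for byte (scheme, host, path)
        "redirect_exact": first("redirect_uri") == REDIRECT_URI,
        "state": hmac.compare_digest(first("state"), expected_state),
        "s256": first("code_challenge_method") == "S256",
        # base64url(SHA-256) without padding is always 43 base64url characters
        "challenge_shape": len(challenge) == 43 and all(c in VERIFIER_CHARS for c in challenge),
        "scopes": set(first("scope").split(" ")) == set(SCOPES),
        "response_type": first("response_type") == "code",
    }


def callback_state_ok(callback_url: str, stored_state: str) -> bool:
    """On the redirect back, compare the returned state with the stored one before using the code."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    return hmac.compare_digest(returned, stored_state)
```

The design point is that every value the client sends is checked twice: once at generation (verifier shape, challenge shape, exact redirect URI) and once when it comes back (state). The state comparison uses hmac.compare_digest rather than == so that the check does not leak timing information.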