After some back and forth and additional testing, we found out that entering credentials or other POSTs in the authentication flow (like signing up) also triggered the issue. This workaround is thus not foolproof and thus no longer recommended.
See Authentication broken on ASP.Net Core and Safari on iOS 12 / Mojave (take 2) for an updated workaround.