Direct Login api causes error while protected route -> login works

I deploy on vercel with custom domain.
I checked other forums, don’t think my issue matches up to those.

What is happening:
Accessing the /api/auth/login takes user to the Universal Login (using social - google). After successful login, the user is redirected back to the custom domain with a checks.state argument is missing error displayed on webpage.

Accessing a protected page withPageAuthRequired initially and taken through the auth flow works correctly. Log in via universal login and redirected back to the protected page successfully.

An oddity
I do notice for the direct login access api/auth/login there is a redirect that happens after https://<custom-domain>/api/auth/callback to → https://<custom-domain>.com/ which has a status code of 307 and location of https://<vercel-preview-url>
I have checked all the environment variables a multitude of time and they seem to be correct. There are no redirects set up in vercel for the custom domain.