Getting unexpected authentication switch request

So, I'm writing some C# code to follow the client server protocol to connect and modify a database. I've gotten it to work with MySQL, and I'm adapting it for MariaDB.

(Using this: https://mariadb.com/kb/en/connection/)

The connection sequence is failing for both an AWS MariaDB instance, and a local one on my machine. My steps are:

1) connect via TCP, and I get an initial handshake packet that looks as expected, gives me scramble data and specifies an authentication plugin of "mysql_native_password".

2) I reply with a client handshake response packet (not using SSL) in which I encode client capabilities, the encrypted password (using SHA1( password ) ^ SHA1( seed + SHA1( SHA1( password ) ) ), which worked with MySQL), and specifying the auth plugin "mysql_native_password"

3) I receive back an 0xFE "authentication switch request header", in which it specifies a plugin name of "mysql_native_password" and new plugin data.

This is confusing, because that isn't a switch, we were already using mysql_native_password! I guess I'm a little confused by the concept of a "switch"... does this happen because there is some problem in my client handshake response packet (which I've triple checked), and it is asking me to try again? Why would I get this response from MariaDB?

Thanks for any insight!

Edit: adding a link to the bytes of the packets being sent and forth, from the initial handshake, to the handshake response, and the server response which I expect to be an "OK", but instead is an auth "switch" request to the same auth plugin.

https://docs.google.com/spreadsheets/d/1_qa0aXc--FYCl6cSu33kpqwfs6lHPlD5OVOuYsRJMfo/edit?usp=sharing