One possible solution is to use Packages as a container for your code. This allows you to retrieve only the code in your package from an org which ignores all other metadata in the org such as managed package fields, standard Salesforce fields, and any customer created fields.
To test it out, go to Setup->Create->Packages in your source org. Create an unmanaged package and use the Add Components button to add all the metadata you want to bundle in your package. Then, retrieve all metadata from the package into a folder. You'll wind up with a folder containing all the metadata and a package.xml file formatted to allow deployment into a Package in your target orgs.
The key difference in the package.xml is the inclusion of the element which flips on the deploy to package functionality.
The one catch is the target org will need to have a package with the same name already created before the deployment but this is a one time manual step per target org.
I just wrote up the build.xml targets in a different answer you can reference here:
https://salesforce.stackexchange.com/a/31437/4832
There are, however, some drawbacks. Some metadata types won't deploy this way. For example, ActionOverrides don't work this way as they can't be bundled in a package. As a workaround, you can create a normal bundle of metadata for use only in deploying the types you can't deploy as part of a package.
Best Answer
In API Version 53 (probably a few versions earlier as well), the loginFlow is specified within the Profile. Deploying the Profile should also deploy the LoginFlow. However, be advised that deploying the Profile also deploys other attributes of the Profile such as SystemPermissions (called userPermissions within the Profile XML) as well as Login IP Ranges and other attributes of the Profile. BE CAUTIOUS in deploying Profiles between tiers!