Just to update in case anyone else is experiencing a similar issue, the recommendation here is to replace the use of the getSsoData function with checkSession (documentation here:
Lock API Reference). That way the application is using the latest (and recommended) endpoint. (This migration should happen before July as the /ssodata endpoint will be removed - follow details here: Important - Auth0 Public Disclosure).