A new Lock version has been released which supports the flag mentioned earlier. In understand that this recent issue is more related to the issuer, however, given that you likely update to this can we troubleshoot the full situation in latest version.
Can you update to Lock 11.5.1 provide the full configuration used to instantiate Lock both on login pages and redirect pages (unless the config is exactly the same). In addition, provide an HAR file for the series of requests starting with the impersonation one that then lead to an error (you can redact sensitive information like opaque access tokens or signatures of JWT tokens).