It’s indeed intriguing this being caused on similar profiles, however, if both profiles are really near the limit of what is allowed to be included in the response then even the two character difference in the username can make a difference. You can update your question with the size of the ID token you received in the success case, but that would be mostly to satisfy curiosity because if you’re reaching the limit (even if only for some users) then you may need to tackle this differently.
In addition, you mention that you are including keys as custom claims so do take under consideration if the information you’re including in the tokens is okay to be disclosed to end-users because for a SPA the issued tokens will be available to end-users.
In conclusion, although you could technically find an alternative where you could add custom claims to ID tokens, adjust the authentication request (through response type and client application configuration) so that they would not be present in URL’s (avoiding the limitations) and then obtaining the actual custom claims through an additional request to the user information endpoint I’m hesitant to recommend that without first knowing more characteristics of the data being included in the tokens. In particular, confirming the data is not sensitive and can be disclosed and also the requirement for the data to be present on the tokens themselves and not just obtained on-demand in the API itself.