Hey @nelson2 ,
Appreciate the detailed behavior description a lot! Let’s see what we can do.
I’m still waiting for internal feedback, but to the best of my knowledge, organizations don’t really get along with Application Login URI (organizations have been implemented later 
).
My tentative thought is to have one common for the application login URL that further redirects to an organization (subdomain)-specific login flow. This would require logic for adding the client_id and organization parameters to the /authorize on behalf of the user (or asking a user for their organization in this specific use-case when they end up with the error).
Just a heads up for HAR file sharing - we have stopped accepting HAR files via the community for some time now.
Please let me know your thoughts or follow-up questions - I will also update you with internal insight once I receive it.