What are your steps to reproduce?
There are a few reasons why this could be happening.
- Are you using your universal login page or are you hosting lock on your web page?
- How is the user getting blocked? Are they getting blocked by someone blocking them from the management API or the manage dashboard, or are they getting blocked because they are doing too many login attempts?
- What is the current behavior? Are you getting an error message sent to your redirect_uri instead of the error in lock?
It would be helpful if you could use developer tools in chrome to watch the network traffic during your attempt to log in with a blocked user. That could be shedding light onto where the error is being sent.
There are default messages already configured, the language dictionary just allows you to override the message that is already there for the default. So, if the error message is not showing up, it is likely due to it being sent somewhere else instead of back to the login page.