Terraform managed state, 404 accessing /lock

When my runners try to lock the terraorm state they get a 404. I’ve tested it working with my access token and it works fine. As a simple example, with this /gitlab-ci:

Gitlab v13.9.6

include:
  - template: Terraform/Base.latest.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml

variables:
  TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/compman

cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - ${TF_ROOT}/.terraform

stages:
  - init
  - validate
  - build
  - deploy

init:
  extends: .init

validate:
  extends: .validate

plan:
  extends: .build

apply:
  extends: .deploy

It gets the state, but 404’s on the lock:

Terraform has been successfully initialized!
[DEBUG] POST https://<HOST>/api/v4/projects/20/terraform/state/<PROJECT>/lock
│ Error: Error acquiring the state lock │
│ Error message: Unexpected HTTP response code 404 │

This seems to be an issue with using the CI_JOB_TOKEN, as using this works:

plan:
  stage: build
  image: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
  script:
    - export TF_USERNAME=<USERNAME>
    - export TF_PASSWORD=<ACCESS_TOKEN>
    - terraform init -backend-config=address=${TF_ADDRESS} -backend-config=lock_address=${TF_ADDRESS}/lock -backend-config=unlock_address=${TF_ADDRESS}/lock -backend-config=username=${TF_USERNAME} -backend-config=password=${TF_PASSWORD} -backend-config=lock_method=POST -backend-config=unlock_method=DELETE -backend-config=retry_wait_min=5
    - terraform plan

but when the username is set as gitlab-ci-token and the password is set by ${CI_JOB_TOKEN} it fails in the same way as it does from using the template.