Trouble linking Terraform Cloud with on-prem Gitlab-EE

Hey all,
I’m trying to link my Terraform Cloud (free plan) to my on-prem Gitlab-EE (v15.9) but I’m getting an error in the Terraform GUI every time.
Terraform Cloud:

  1. Log in to TFC and within the desired workspace click Version Control>Providers
  2. Add a VCS Provider
  3. Click Continue


  1. Log in to Gitlab with service account for Terraform Cloud (admin permissions).
  2. Go to Preferences>Applications>Add new application
  • Name: Terraform Cloud
  • Redirect URI: Pasted from Terraform Cloud
  • Confidential and API checked
  3. Click Save Application

Terraform Cloud:

  • Application ID: Pasted from Gitlab-EE
  • Secret: Pasted from Gitlab-EE
  1. Click Continue
  2. Page is redirected to Gitlab instance, click “Authorize” to authorize Terraform Cloud to use the account.
    Terraform Cloud presents a pink error box in the lower left stating:

There was a problem connecting the OAuth client to the VCS provider. Please verify the
URL, credentials, and permissions of the OAuth application and try again.

I can confirm that I see the inbound traffic from Terraform Cloud IPs hitting my firewall and being added to the state table.
I see traffic on my Gitlab instance when I try to authorize resulting in the (sanitized) log output below.

Started GET “/-/metrics” for at 2023-02-28 23:56:19 +0000

Processing by MetricsController#index as HTML

Started GET "/oauth/authorize?client_id=> state=" for at 2023-02-28 23:56:19 +0000

Completed 200 OK in 273ms (Views: 1.2ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms | Allocations: 1487)

Processing by Oauth::AuthorizationsController#new as HTML

Parameters: {“client_id”=>“”, “redirect_uri”=>“> /callback”, “response_type”=>“code”, “state”=>“”}

Rendered layout layouts/profile.html.haml (Duration: 1509.4ms | Allocations: 574864)

Completed 200 OK in 1812ms (Views: 1393.8ms | ActiveRecord: 222.9ms | Elasticsearch: 0.0ms | Allocations: 593797)

Started GET “/oauth/undefined” for at 2023-02-28 23:56:21 +0000

Processing by ApplicationController#route_not_found as HTML

Parameters: {“unmatched_route”=>“oauth/undefined”}

Rendered layout layouts/errors.html.haml (Duration: 45.6ms | Allocations: 15643)

Completed 404 Not Found in 117ms (Views: 53.0ms | ActiveRecord: 7.3ms | Elasticsearch: 0.0ms | Allocations: 24642)

Started GET “/-/manifest.json” for at 2023-02-28 23:56:22 +0000

Processing by PwaController#manifest as JSON

Completed 200 OK in 23ms (Views: 10.5ms | ActiveRecord: 2.3ms | Elasticsearch: 0.0ms | Allocations: 2310)

Started POST “/oauth/authorize” for at 2023-02-28 23:56:24 +0000

Processing by Oauth::AuthorizationsController#create as HTML

Parameters: {“authenticity_token”=>“[FILTERED]”, “client_id”=>“”, “redirect_uri”=>“”, “state”=>“”, “response_type”=>“code”, “scope”=>“api”, “nonce”=>“”, “code_challenge”=>“”, “code_challenge_method”=>“”}


Completed 302 Found in 296ms (ActiveRecord: 34.8ms | Elasticsearch: 0.0ms | Allocations: 16184)

Any ideas?