Attempting to authenticate with GitLab fails #474

Open
AptLogic opened this issue Jan 3, 2022 · 9 comments

@AptLogic

AptLogic commented Jan 3, 2022

While working with integration and validation testing for git-as-svn with my team's existing workflow I encountered this issue:
Whenever a user attempts to authenticate through GitLab (either with a password or Personal Access Token; yes, we've tried both) to access a restricted repository, we get the following error in the console:

```
The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
```

After some digging through past issue tickets and GitLab's own issue board I've narrowed it down to the possible disabling of ROPC grants in GitLab 14. We've set everything else up according to Section 4 of the git-as-svn documentation and at this point this is the only conclusion we've been able to come to for this issue. The problem is that we can't simply build OAuth into SVN for obvious reasons, and GitLab now has absolutely no way to authenticate a CLI application like SVN with a username and password (or, it would seem, username and PAT). My team and I have been at this for most of the evening now and we can't come up with a fix aside from GitLab fixing things on their side; however, if this issue ticket is any indication, implementation of a workaround for self-hosted instances is pretty far off at least.

Any input on this is much appreciated. I'm not sure what exactly can be done here but I'm just leaving this for anyone else who may be experiencing this issue.

Full(ish?) stack trace below:

```
org.gitlab.api.GitlabAPIException: 400 Bad Request
POST https://[redacted]//oauth/token?scope=api
{
  "error" : "invalid_grant",
  "error_description" : "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
    at svnserver.ext.gitlab.config.GitLabContext.obtainAccessToken(GitLabContext.java:69) ~[git-as-svn.jar:?]
    at svnserver.ext.gitlab.auth.GitLabUserDB.check(GitLabUserDB.java:64) ~[git-as-svn.jar:?]
    at svnserver.auth.PlainAuthenticator.authenticate(PlainAuthenticator.java:47) ~[git-as-svn.jar:?]
    at svnserver.server.SvnServer.authenticate(SvnServer.java:380) ~[git-as-svn.jar:?]
    at svnserver.server.SessionContext.authenticate(SessionContext.java:128) ~[git-as-svn.jar:?]
    at svnserver.server.SvnServer.serveClient(SvnServer.java:237) ~[git-as-svn.jar:?]
    at svnserver.server.SvnServer.lambda$run$1(SvnServer.java:208) ~[git-as-svn.jar:?]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
    at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request
POST https://[redacted]//oauth/token?scope=api
{
  "error" : "invalid_grant",
  "error_description" : "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
    at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105) ~[google-oauth-client-1.31.2.jar:1.31.2]
    at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:326) ~[google-oauth-client-1.31.2.jar:1.31.2]
    at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:346) ~[google-oauth-client-1.31.2.jar:1.31.2]
    at svnserver.ext.gitlab.config.GitLabContext.obtainAccessToken(GitLabContext.java:61) ~[git-as-svn.jar:?]
    ... 9 more
```

@slonopotamus
Collaborator

I think you're hitting some different issue.

It is true that GitLab messed with ROPC grants. See #384 for relevant links. But as of today, they're enabled and git-as-svn passes tests against latest GitLab Docker image.

@AptLogic
Author

AptLogic commented Jan 3, 2022

Any idea what the issue could be? We set up the configuration exactly as indicated in section 4 with GitLab. We're using an Omnibus installation, not a Docker image.

@slonopotamus
Collaborator

slonopotamus commented Jan 4, 2022

> POST https://[redacted]//oauth/token?scope=api

That double // in //oauth looks suspicious. Could you please try removing a trailing / from GitLab URL in git-as-svn config, restart git-as-svn and try logging in again?

> Full(ish?) stack trace below

This is full stack trace, you didn't miss anything.

@AptLogic
Author

AptLogic commented Jan 4, 2022

We gave that a try and it did not fix anything. We also tried submitting the same POST query via Postman and encountered the same result.
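
The two checks discussed above (the doubled `//` before `oauth/token`, and replaying the token request outside git-as-svn) can be scripted; this is an added example, not git-as-svn code and not part of the original thread. The function names, the `gitlab.example.com` host and the choice to send every parameter in the form body are assumptions of the example; the error-code meanings follow RFC 6749 section 5.2.

```python
import json
from urllib.parse import urlencode, urlsplit, urlunsplit

# RFC 6749 section 5.2 error codes, with what each one points at during triage.
RFC6749_ERRORS = {
    "invalid_request": "malformed request (missing or repeated parameter)",
    "invalid_client": "client authentication failed",
    "invalid_grant": "server rejected the supplied credentials or grant",
    "unauthorized_client": "this client may not use this grant type",
    "unsupported_grant_type": "server does not support this grant type",
    "invalid_scope": "requested scope is invalid or not grantable",
}

# Constructed sample with the same shape as the error body in the stack trace.
SAMPLE_ERROR = '{"error": "invalid_grant", "error_description": "(shortened)"}'


def token_endpoint(base_url):
    """Join the configured base URL and /oauth/token without a doubled slash."""
    parts = urlsplit(base_url)
    path = parts.path.rstrip("/") + "/oauth/token"
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def build_ropc_request(base_url, username, password, scope="api"):
    """Return (url, form_body); credentials go in the body, never the URL."""
    body = urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": scope})
    return token_endpoint(base_url), body


def triage(status, body):
    """Classify a token-endpoint response without echoing tokens or passwords."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return f"HTTP {status}: body is not a JSON object; check URL and proxies"
    if status == 200 and "access_token" in doc:
        return "ok: token issued"
    code = doc.get("error", "unknown")
    hint = RFC6749_ERRORS.get(code, "not an RFC 6749 error code")
    return f"HTTP {status} {code}: {hint}"


if __name__ == "__main__":
    print(build_ropc_request("https://gitlab.example.com/", "alice", "not-a-real-password")[0])
    print(triage(400, SAMPLE_ERROR))
```

Send the returned body with `Content-Type: application/x-www-form-urlencoded` from a test account, and pass the status and response text to `triage` so the log line carries the error code but no secret.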

@slonopotamus
Collaborator

Okay, guys, I need to do some manual tests against GitLab 14.x. Stay tuned, this will possibly happen in a couple of days.

@AptLogic
Author

Hey! Any update on those tests yet? If there's any way we can help out with things just let me know.

@AptLogic
Author

Update: somehow it just started working for some reason. We're validating that the issue is resolved and I'll update when there's more to report.

@AptLogic
Author

Okay, so I've re-installed completely and retried the install and now it seems to be working fine (at least on our test instance). I'm going to leave this issue up in case there's something else to it that needs to be fixed, but for now everything looks to be performing as expected!

@AptLogic
Author

Hey, just checking in to see if you've got any progress on this issue. We reinstalled on a different lab instance and now the issue is cropping up again. I'm hoping we can get this fixed soon so my team can move on to getting svn+ssh working.
Any new ideas?
