Self-hosted Infisical integration with GitLab.com returns 400

[Quintasan]

Describe the bug

This appears to be similar to #1875, but I'm using the provided docker-compose.yml file and SITE_URL is set to http://localhost:8080 by default.

The only unusual thing (to me) is that state parameter passed to Infisical has %7C (|) at the end every time I try to log in. Not sure if that's intended.

To Reproduce

Steps to reproduce the behaviour:

1. Create an OAuth application in GitLab.com instance.
2. Set the Redirect URI to https://infisical.mydomain.org/integrations/gitlab/oauth2/callback
3. Copy the Application ID and Secret from the GitLab OAuth application into .env
4. docker compose up -d
5. When Infisical has restarted, click on Integrations, then GitLab.
6. Continue With OAuth.
7. Click Authorize in the GitLab page that opens.
8. Get a Bad Request

Expected behaviour

Integration works

Platform you are having the issue on:

• Ubuntu 24.04
• Docker 27.5.0
• Running infisical/infisical:latest-postgres image with supplied .env (yes, I did change the secrets)

Additional context

Relevant lines from logs

[
    {
        "level": 30,
        "time": 1738066409748,
        "pid": 1,
        "hostname": "4a3f7b63438e",
        "reqId": "req-IDdMBFtHXdfZo8",
        "severity": "INFO",
        "req": {
            "method": "GET",
            "url": "/integrations/gitlab/oauth2/callback?code=<redacted>&state=<redacted>%7C",
            "hostname": "infisical.mydomain.org",
            "remoteAddress": "89.79.14.197",
            "remotePort": 46622
        },
        "msg": "incoming request"
    },
    {
        "level": 50,
        "time": 1738066412039,
        "pid": 1,
        "hostname": "4a3f7b63438e",
        "reqId": "req-iIyh0ZTBOwzG06",
        "severity": "ERROR",
        "err": {
            "message": "Request failed with status code 400",
            "name": "AxiosError",
            "stack": "AxiosError: Request failed with status code 400\n    at settle (file:///backend/node_modules/axios/lib/core/settle.js:19:12)\n    at IncomingMessage.handleStreamEnd (file:///backend/node_modules/axios/lib/adapters/http.js:599:11)\n    at IncomingMessage.emit (node:events:530:35)\n    at IncomingMessage.emit (node:domain:489:12)\n    at endReadableNT (node:internal/streams/readable:1698:12)\n    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)\n    at Axios.request (file:///backend/node_modules/axios/lib/core/Axios.js:45:41)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at async exchangeCodeGitlab (/backend/src/services/integration-auth/integration-token.ts:367:5)\n    at async Object.oauthExchange (/backend/src/services/integration-auth/integration-auth-service.ts:172:27)\n    at async Object.handler (/backend/src/server/routes/v1/integration-auth-router.ts:265:31)",
            "config": "[Redacted]",
            "code": "ERR_BAD_REQUEST",
            "status": 400
        },
        "msg": "Request failed with status code 400"
    },
    {
        "level": 30,
        "time": 1738066427986,
        "pid": 1,
        "hostname": "4a3f7b63438e",
        "reqId": "req-NuqcnBbv0QHXHL",
        "severity": "INFO",
        "req": {
            "method": "GET",
            "url": "/integrations/gitlab/oauth2/callback",
            "hostname": "infisical.mydomain.org",
            "remoteAddress": "52.91.76.207",
            "remotePort": 46570
        },
        "msg": "incoming request"
    }
]