There is a lack of documentation on how to use CSRF Protection and gathering a crumb when gitlab-oauth (and other oauth providers) are in use, and what limitations there are.
For instance: You cannot password auth, you must create a jenkins api token, Additionally your user (not the groups you are assigned to in gitlab). If after logging in you receive:
- 500 error - Your credential is bad
- 403 error - Your credential is good but your user is missing Overall Read access
- 200 - Success you should have a Jenkins-Crumb