I was able to log in with Azure_OAuth2 once, but now it tells me my code was redeemed

I set up a new GitLab instance on a VM, and linked it with my company’s Azure AD. I was able to log in with Azure AD one time, but now I can’t. I get an HTTP 500 error in GitLab, and when I click Go Back, it tells me my code was redeemed.

Here’s the error:

Could not authenticate you from AzureOauth2 because "Invalid grant: aadsts54005: oauth2 authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. trace id: 707983fd-2e41-4d20-8258-0e220d954800 correlation id: 79c299c7-ed0e-46ef-a72a-0ff99ce27c42 timestamp: 2019-08-22 21:31:11z {"error":"invalid grant","error description":"aadsts54005: oauth2 authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.
trace id: 707983fd-2e41-4d20-8258-0e220d954800
correlation id: 79c299c7-ed0e-46ef-a72a-0ff99ce27c42
timestamp: 2019-08-22 21:31:11z","error codes":[54005],"timestamp":"2019-08-22 21:31:11z","trace id":"707983fd-2e41-4d20-8258-0e220d954800","correlation id":"79c299c7-ed0e-46ef-a72a-0ff99ce27c42"}".`

And here’s my configuration:

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['azure_oauth2']
gitlab_rails['omniauth_sync_email_from_provider'] = ['azure_oauth2']
gitlab_rails['omniauth_sync_profile_from_provider'] = ['azure_oauth2']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email', 'location', 'name']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'azure_oauth2'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_external_providers'] = false
gitlab_rails['omniauth_providers'] = [{
        "name" => "azure_oauth2",
        "args" => {
                "client_id" => "",
                "client_secret" => "",
                "tenant_id" => ""
        }
}]

Of course, like an idiot, I disabled password sign-in/registration, so Azure AD is the only way into GitLab. (Thankfully, there’s nothing in there yet.)

Never mind, I fixed it myself after guessing at what tail was telling me.

This line:

gitlab_rails['omniauth_external_providers'] = false

had to be changed to:

gitlab_rails['omniauth_external_providers'] = []

And now, SSO with Azure AD is working perfectly. I can log out and back in as many times as I want.