GitLab OAuth race condition with exchanging code for an access token
Summary
As per https://docs.gitlab.com/ee/api/oauth2.html, attempt step 3 immediately after step 2. Occasionally, GitLab will return a 401 Unauthorized response with the following body:
```json
{
  "error": "invalid_grant",
  "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
```
If you then attempt the exchange again a short time later, the exchange will succeed. This leads to speculation that the authorization code has not yet propagated across all database shards or servers.
If any more information is needed, let me know.
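
A client-side mitigation for the behaviour reported above, as an added example that is not part of the original report or GitLab's code: retry the code exchange a bounded number of times, and only when the response is a 401 with `invalid_grant`, since a genuinely bad code returns the same body. The `post` transport, the `gitlab.example.com` host and all parameter values are constructed placeholders.

```python
import time

RETRYABLE_ERROR = "invalid_grant"  # error code from the 401 body in the report


def exchange_code(post, token_url, params, attempts=3, delay=0.5, sleep=time.sleep):
    """Exchange an authorization code, retrying only 401 invalid_grant.

    `post(url, data)` is a hypothetical transport returning (status, body_dict).
    Returns (body, tries) on success and raises RuntimeError otherwise.
    """
    for attempt in range(1, attempts + 1):
        status, body = post(token_url, params)
        if status == 200:
            return body, attempt
        retryable = status == 401 and body.get("error") == RETRYABLE_ERROR
        if not retryable or attempt == attempts:
            # Do not log params: they carry the client secret and the code.
            raise RuntimeError(f"token exchange failed: {status} {body.get('error')}")
        sleep(delay * 2 ** (attempt - 1))  # backoff: 0.5 s, 1 s, ...


def make_flaky_server(failures):
    """Constructed stand-in for the token endpoint: rejects the first N calls."""
    state = {"calls": 0}

    def post(url, data):
        state["calls"] += 1
        if state["calls"] <= failures:
            return 401, {"error": "invalid_grant"}
        return 200, {"access_token": "constructed-token", "token_type": "bearer"}

    return post


# Constructed request parameters (field names follow the GitLab OAuth2 docs).
PARAMS = {
    "client_id": "APP_ID", "client_secret": "APP_SECRET", "code": "RETURNED_CODE",
    "grant_type": "authorization_code", "redirect_uri": "https://app.example.com/cb",
}


def demo(failures):
    """Run the exchange against the flaky stand-in, recording backoff waits."""
    waits = []
    body, tries = exchange_code(make_flaky_server(failures),
                                "https://gitlab.example.com/oauth/token",
                                PARAMS, sleep=waits.append)
    return body["access_token"], tries, waits


if __name__ == "__main__":
    print(demo(1))
```

Keep the attempt limit small: the server cannot tell the client whether the rejection is transient, so an unbounded loop would keep resubmitting a code that is actually expired or revoked.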