There is a lack of documentation on how to use CSRF Protection and gathering a crumb when gitlab-oauth (and other oauth providers) are in use, and what limitations there are.

For instance: You cannot password auth, you must create a jenkins api token, Additionally your user (not the groups you are assigned to in gitlab). If after logging in you receive:

• 500 error - Your credential is bad
• 403 error - Your credential is good but your user is missing Overall Read access
• 200 - Success you should have a Jenkins-Crumb