Issues with Google OIDC: The OAuth client was not found

[s-ol]

I have SSO working on headscale v0.28.0 and am trying to set up SSO for headplane 0.6.2b5.

Based on the headplane documentation, I'm trying to reuse the existing OIDC credentials created and tested for headscale. Here's the entire oidc config for headscale:

oidc:
  only_start_if_oidc_is_available: true
  issuer: "https://accounts.google.com"
  client_id: "abcdef.apps.googleusercontent.com"
  client_secret_path: "/var/lib/headscale/client_secret.txt"

  extra_params:
    domain_hint: mydomain-a.it

  allowed_domains:
    - mydomain-a.it
    - mydomain-b.it

and here is the headplane oidc config:

oidc:
  issuer: "https://accounts.google.com"
  headscale_api_key: "<redacted>"
  client_id: "abcdef.apps.googleusercontent.com"
  client_secret_path: "/var/lib/headscale/client_secret.txt"
  extra_params:
    domain_hint: mydomain-a.it

When I try to log in via SSO, I see the following request parameters going into Google's OAuth flow:

The login flow continues as expected with the following returned to the headplane callback:

However next I am redirected to a Headplane login error:

Configuration Issue(s)
Authentication with the SSO provider failed. Please try again later. Headplane logs may provide more information.

The container logs:

[auth] ERROR: Got an OIDC response error body: {"error":"invalid_client","error_description":"The OAuth client was not found."}

I've double checked the client_id passed to the Google OAuth flow and it matches the one displayed in the google cloud configuration and is correct in both config files also. The secret is mounted in a volume at the same location in both containers. What else can I check? I don't really understand what could be wrong at this point. Any help diagnosing this would be appreciated :)