Comment by TeMPOraL

6 hours ago

Stealing OAuth keys from a first-party app to impersonate it, in order to not have to pay for usage with a properly generated API key, was never part of normal use anywhere.

Yeah, the main point here is they had a CLI specifically that allowed you to call Claude, and that was being used. The CLI giving you access should kind of indicate that you should be able to use it as it is defined in the help.

I do agree, though, that the parts of this that were actually using the Claude system to generate OAuth keys themselves are a little sus.

That makes sense to say “must use Claude harness to log in before calling Claude CLI or using Claude Code SDK”.