Same building on their API. You design around what you think is allowed, then a blog post shifts everything. A proper developer policy page would fix this.

▲

chrisjj a day ago | parent | next [-]

> A proper developer policy page would fix this.

And that's why don't get one.

▲

TeMPOraL 2 days ago | parent | prev [-]

Stealibg OAuth keys from first party app to impersonate it in order to not have to pay for usage with properly generated API key was never part of normal use anywhere.

	▲	bradynapier 2 days ago \| parent \| next [-]
		Yeah, the main point here is they had a CLI specifically that allowed you to call Claude, and that was being used. The CLI giving you access should kind of indicate that you should be able to use it as it is defined in the help. I do agree, though, that the parts of this that were actually using the Claude system to generate OAuth keys themselves are a little sus. That makes sense to say “must use Claude harness to login before calling Claude cli or using Claude code sdk”
	▲	dnautics 2 days ago \| parent \| prev [-]
		You're not stealing oauth keys, they are your keys??