Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

Cloudflare built an oauth provider with Claude

⁨68⁩ ⁨likes⁩

Submitted ⁨⁨2⁩ ⁨days⁩ ago⁩ by ⁨anus@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://github.com/cloudflare/workers-oauth-provider/

source

Comments

Sort:hotnewtop
  • drspod@lemmy.ml ⁨2⁩ ⁨days⁩ ago

    Looking through the commit history there are numerous “Manually fixed…” commits, where the LLM doesn’t do what the programmer wants after repeated prompting, so they fix it themself.

    And here is the problem. It required expert supervision for the prompts to be repeatedly refined, and the code manually fixed, until the code was correct. This doesn’t save any labour, it just changes the nature of programming into code review.

    If this programmer wasn’t already an expert in this problem domain then I have no doubt that this component would be full of bugs and security issues.

    source
    • Kusimulkku@lemm.ee ⁨2⁩ ⁨days⁩ ago

      This doesn’t save any labour

      So you claim

      source
    • anus@lemmy.world ⁨2⁩ ⁨days⁩ ago

      Agreed, and yet the AI accelerated the project

      source
      • drspod@lemmy.ml ⁨2⁩ ⁨days⁩ ago

        So they claim.

        source
      • KairuByte@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

        The fact hat multiple experts reviewed every line of code by hand, I have to say this is impossible unless you’re comparing it to “the junior devs wrote it all and I just kept correcting hem.”

        source
  • ShittyBeatlesFCPres@lemmy.world ⁨2⁩ ⁨days⁩ ago

    This seems like a perfectly reasonable experiment and not something they’re going to release without extensive human and security review.

    Oauth libraries aren’t new and A.I. can probably generate adequate code. My main problem with A.I. for this purpose is that senior developers/experts don’t pop out of thin air. You need junior developers now if you want any real experts in the future. Maybe you need fewer and more specialized training. Maybe the goal is to offload the training cost to Universities and tech companies only want PhDs. Maybe someday LLMs will be good enough to not need much supervision. But that’s not where we are.

    We probably need a Level x capability scale like self-driving cars for this sort of thing.

    source
    • bookmeat@lemmynsfw.com ⁨2⁩ ⁨days⁩ ago

      If you read the commentary on the process you notice heavy reliance on experts in the field to ensure the code is good and secure. Claude is great at pumping out code, but it can really get confused and forget/omit earlier work, for example.

      I think the notion of junior developers disappearing because of AI is false. These tools accelerate productivity, they don’t replace human experience.

      source
      • Ryick@lemm.ee ⁨2⁩ ⁨days⁩ ago

        I think the notion of junior developers disappearing because of AI is false.

        This is true, because AI is not the actual issue. The issue, like with most, is humanity; our perception and trust of AI. Regardless of logic, humanity still chooses illogical decisions.

        source
      • anus@lemmy.world ⁨2⁩ ⁨days⁩ ago

        I think this take undervalues the AI. I think we self select for high quality code and high quality engineers

        But many of us would absolutely gawk at something like Dieselgate. That is real code running in production on safety critical machinery.

        I’m basically convinced that Claude would have done better

        source
        • -> View More Comments
    • nucleative@lemmy.world ⁨2⁩ ⁨days⁩ ago

      Doctors face a similar obstacle before they can practice: medical school and residency. They literally have to jump from zero to hero before the first real paycheck.

      Things may evolve this way for senior software developers with a high rate of dropout.

      source
    • anus@lemmy.world ⁨2⁩ ⁨days⁩ ago

      I hear you, and there’s merit to the concerns. My counter is

      The same was true at the Advent of books, the Internet, and stack overflow
      It’s Luddite to refuse progress and tools based on an argument about long term societal impact. The reality is that capitalism will choose the path of least resistance
      
      source
      • ShittyBeatlesFCPres@lemmy.world ⁨1⁩ ⁨day⁩ ago

        I don’t know anything about you, obviously, but I suspect you should to take a more nuanced, historical view of Luddites. Writing someone off as a “Luddite” probably isn’t the burn you think it is.

        I’m all for technological progress. Who isn’t? It’s the politics and ownership that causes issues.

        source
        • -> View More Comments
  • anus@lemmy.world ⁨2⁩ ⁨days⁩ ago

    Quoting from the repo:

    This library (including the schema documentation) was largely written with the help of Claude, the AI model by Anthropic. Claude’s output was thoroughly reviewed by Cloudflare engineers with careful attention paid to security and compliance with standards. Many improvements were made on the initial output, mostly again by prompting Claude (and reviewing the results). Check out the commit history to see how Claude was prompted and what code it produced.

    “NOOOOOOOO!!! You can’t just use an LLM to write an auth library!”

    “haha gpus go brrr”

    In all seriousness, two months ago (January 2025), I (@kentonv) would have agreed. I was an AI skeptic. I thoughts LLMs were glorified Markov chain generators that didn’t actually understand code and couldn’t produce anything novel. I started this project on a lark, fully expecting the AI to produce terrible code for me to laugh at. And then, uh… the code actually looked pretty good. Not perfect, but I just told the AI to fix things, and it did. I was shocked.

    To emphasize, this is not “vibe coded”. Every line was thoroughly reviewed and cross-referenced with relevant RFCs, by security experts with previous experience with those RFCs. I was trying to validate my skepticism. I ended up proving myself wrong.

    Again, please check out the commit history – especially early commits – to understand how this went.

    source
    • red_bull_of_juarez@lemmy.dbzer0.com ⁨2⁩ ⁨days⁩ ago

      That perfectly mirrors my AI journey. I was very skeptical and my early tests showed shit results. But these days AI can indeed produce working code. But you still need experience to spot errors and to understand how to tell the AI what to fix and how.

      source
      • anus@lemmy.world ⁨2⁩ ⁨days⁩ ago

        Agreed. It creates a new normal for what the engineer needs to actually know. In another comment I claimed that the same was true at the advent of stack overflow

        source
        • -> View More Comments