u/Tr0jAn14

Why does Discord's OAuth flow consistently work better than every other social provider?

I was building a side project that needs discord oauth and google oauth side by side, and discord is just… smoother. consent screen is cleaner, the dev portal actually makes sense, scopes are obvious, refresh tokens behave predictably.

Google has me filling out 4 separate forms just to get the app verified. apple shoves itself in the second i ship on iOS. facebook login is basically a graveyard. github is fine but limited in what it can actually return.

is discord just better engineered, or is it a UX choice that other providers could easily copy if they cared? curious if anyone has built against multiple dev portals recently and has a real opinion.

not looking for "use clerk lol", actually want to understand why the same protocol feels so different across providers.

u/Tr0jAn14 — 1 day ago

Cheapest reliable way to do OTP for Indian users in 2026?

Building for users and honestly OTP infra feels way more complicated than expected 😭 Between:

  • DLT registration headaches
  • SMS deliverability issues
  • random carrier filtering
  • international SMS costs
  • WhatsApp Business API pricing
  • users not receiving OTPs on time

…it feels like authentication itself has become a startup problem now.

Curious what most Indian startups/devs are using currently???

Main priority is: cheap + reliable + fast delivery.

Would love to know what’s actually working at scale in right now.

u/Tr0jAn14 — 4 days ago
▲ 1 r/SaaS

Quick gut check for B2B SaaS founders: if you can't answer these 6 auth questions, your enterprise pipeline will stall

Been mapping which B2B SaaS deals are stalling at procurement.

Sample is ~30 deal post-mortems I've sat through over the last 9 months across my own pipeline and 4 founder friends.

The pattern is sharp enough that I'm running it as a filter on my own pipeline now.

Dropping it here in case it's useful.

The 6 questions enterprise procurement is asking in 2026...

  1. Can my IT team configure SSO themselves without your engineering team being on the call?

  2. Do you have audit logs my SIEM can ingest in a structured format (CEF, JSON, syslog)?

  3. Is your MFA phishing-resistant (passkeys, hardware keys, or strong app-based TOTP)?

  4. Can you provide SOC 2 Type II AND your most recent pen test report?

  5. Where is my tenant data stored, and can you pin it to a region?

  6. If a user is offboarded from our IdP, is their session in your product killed within X minutes?

u/Tr0jAn14 — 9 days ago

we've been building a real SaaS for the past month.

Next.js 16, React 19, Drizzle/Postgres, Better Auth, a Hono API migration, background cron jobs, AI generation flows, admin and employee dashboards, content drafts, browse queues, anti-repetition memory. the whole mess.

early on, Claude Code was genuinely impressive. we were iterating daily, changing requirements, features getting added, removed, rewritten and what not. in that phase it kept momentum high. it was fast, and we weren't naive about the hallucination problem.

claude.md, migration docs, context and memory plugins, status.md, handoff.md, API inventories, explicit "do not touch" sections. every session started by reading the same files. every session updated handoff notes. we literally wrote into the repo: "Claude Code sessions lose conversational context over time, so the repo must hold migration memory, not the chat."

for a while it worked. the early stage was fast and honestly kind of insane. the problem started once the repo got complex enough that nothing was local anymore.

the repo at this point was a mess. intentionally. we had old Next routes, new Hono routes, callers that were migrated, callers that weren't, business logic in three different places depending on when we wrote it, cron routes we literally could not delete yet because production still pointed to them, schema that moved but had to keep old import paths alive so nothing broke. this is just what a migration looks like when you're doing it live on a real product.

Claude did not understand that.

it would look at one part of the system and assume the whole thing worked the same way. fix the new API path and forget the old route still had callers. move a service and silently cross a package boundary. update the frontend and quietly kill session behavior somewhere downstream. see a file that looked old and clean it up, not knowing we left it there on purpose because we hadn't cut over yet.

after the 4.7 update things got worse. noticeably. like something shifted in how it handles ambiguity. before, it at least felt like it was staying inside the lines we drew. now it just wants to finish. it'll tell you it read a file when it pattern-matched from something nearby. it'll say it followed the workflow and technically it did, just not in any way that mattered. wrong conclusions, held more confidently.

our mistake was keeping it central after the project crossed a complexity threshold.

Claude Code is great when the task is bounded. scaffolding, mechanical refactors, moving code into a known pattern. 0 to 1, or 1 to 0.7 of a production system. but it is not a principal engineer. it doesn't own architectural memory. it doesn't understand migration risk unless the risk is literally in front of it. it doesn't know which compatibility path matters in production. it optimizes for finishing the prompt.

we should have switched earlier from "Claude builds features" to "Claude performs narrow patches."

atp it's just an absolute mess, and rawdogging code with minimal claude code usage.

fuck this shit

Edit: folks commenting that it’s an architectural mistake, i agree to some point, but we already had planned architecture and system design (not like fully detailed but it “does the job”). Claude just gave up upon it after some point

u/Tr0jAn14 — 16 days ago

auth0 pricing + limits are starting to feel a bit restrictive for us, so exploring descope but migration looks non-trivial, especially around users + auth flows. I'm kinda curious if anyone here has actually done it:

1/ how did you handle user migration? (passwords, forced resets, etc)
2/ did you rebuild flows from scratch or map them over?
3/ any issues with sessions / tokens during the switch?
4/ how was descope’s sdk + docs in practice?

ALSO BRANDS DONT PLUG UR TOOLS AS AN ALTERNATIVES.

u/Tr0jAn14 — 17 days ago

Been seeing a lot of AI lip-sync tools lately, stuff like Sync Labs, ElevenLabs, etc. The demos look insanely good, but that’s always the polished version. I’m trying to use this for UGC-style ads (short form, fast turnaround), so things like:

1/ how natural the lip sync actually looks

2/ whether the voice feels real or still “AI-ish”

3/ and how well it holds up when you scale (multiple creatives, variations)

If anyone’s actually used these in production, would love to know..pls.

u/Tr0jAn14 — 18 days ago

last week our second biggest account told us their internal policy straight up bans sms-based mfa and asked what else we support. we have totp, but adoption is under ~10%.

nobody wants to set up an authenticator app for the 4 tools they barely use, passkeys keep coming up, but every time we try testing it, half the team can’t get it working on their work laptops because of endpoint management policies, push would mean building a mobile app, which we don’t have.

so we’re kind of stuck in this weird middle ground where: sms is dying and totp has terrible adoption, passkeys feel unreliable in enterprise environments.

what are people actually doing rn?

u/Tr0jAn14 — 21 days ago
▲ 29 r/webdev

i’ve integrated stripe, twilio, sendgrid, datadog, a bunch of others, docs are mostly fine. you read them, you ship but every single auth/identity provider i’ve touched (not naming names but you can guess) feels like a different story.

docs read like they were written by someone who already knew the answer and just wanted to confirm it for themselves

half the examples are for v1 sdks that have been deprecated for 3 years.

the search returns 40 results for “webhook” and none of them are about your webhook

last week i spent an entire afternoon trying to figure out what fields come back on a session refresh.

ended up answering my own question by console.log-ing the response 😭

not a docs flex but descope's docs were the reason i picked them tbh. flow builder has visual examples and the api ref

u/Tr0jAn14 — 22 days ago
