AI Led Me Into a Loop
From my past experience, AI can refactor a complex React component or generate a tricky SQL query flawlessly. However, when I moved on to setting up OAuth with Supabase, Google, and Expo, the AI suddenly felt like it had lost its mind.
After days of going in circles with conflicting AI suggestions and "invalid_grant" errors, I hit a wall. I was beginning to doubt myself and lose my confidence.
The "Auth Zone": Where AI Loses Its Magic
AI is incredible at "installing packages" or "refactoring code," but OAuth is different. OAuth isn't one problem; it’s a chain of 6–10 independent systems that all have to agree.
The "Truth" Lives Outside the Code
With standard logic, the source of truth is in your files. With Auth, the truth is scattered across dashboards the AI cannot see:
- Supabase Dashboard: Redirect URLs and provider toggles.
- Google Cloud Console: Client types (Web vs. iOS vs. Android).
- Expo Config: App schemes and app.json settings.
AI can write the implementation code perfectly, but it can’t see that you missed a single character in a hidden dashboard setting.
Tiny Mismatches Cause Total Failure
OAuth is incredibly brittle. A single-character difference results in a total crash, and the symptoms always look identical. Whether it's a trailing slash in a callback URL or using a Web Client ID instead of an iOS ID, the error is always the same: "token exchange failed."
AI can’t infer which mismatch you have without seeing the exact dashboard state and the exact runtime payload.
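An added example, not from the original post: a small Node.js check that compares the redirect URI the app actually sent against entries copied by hand from a dashboard allow list, and names the difference. It assumes exact string matching (wildcard allow-list entries are not handled); the function names and all URLs are constructed for illustration.

```javascript
// Added example. All URLs are constructed placeholders, not real project settings.
// Assumption: the provider compares redirect URIs as exact strings; wildcard
// allow-list entries are not handled here.

// Explain how the URI the app sent differs from one registered entry.
function explainMismatch(sent, registered) {
  if (sent === registered) return [];
  let a, b;
  try {
    a = new URL(sent);
    b = new URL(registered);
  } catch {
    return ["one of the values is not a parseable URL"];
  }
  const reasons = [];
  const stripSlash = (p) => p.replace(/\/+$/, "");
  if (a.protocol !== b.protocol) reasons.push(`scheme ${a.protocol} vs ${b.protocol}`);
  if (a.host.toLowerCase() !== b.host.toLowerCase()) reasons.push(`host ${a.host} vs ${b.host}`);
  if (a.pathname !== b.pathname) {
    reasons.push(stripSlash(a.pathname) === stripSlash(b.pathname)
      ? "trailing slash"
      : `path ${a.pathname} vs ${b.pathname}`);
  }
  if (a.search !== b.search) reasons.push("query string");
  // The URL parser normalizes host case, default ports and an empty path,
  // so raw strings can differ even when every parsed component agrees.
  if (reasons.length === 0) reasons.push("letter case, default port or empty path");
  return reasons;
}

// Compare the sent URI with every entry copied from the dashboard by hand.
function checkRedirect(sent, allowList) {
  if (allowList.includes(sent)) return { ok: true, findings: [] };
  const findings = allowList
    .map((entry) => ({ entry, reasons: explainMismatch(sent, entry) }))
    .sort((x, y) => x.reasons.length - y.reasons.length); // closest entry first
  return { ok: false, findings };
}

// Constructed sample: what the app sent (from a runtime log) vs. the allow list.
const sampleAllowList = [
  "myapp://auth/callback",
  "https://example-project.supabase.co/auth/v1/callback",
];
const sampleSent = "https://example-project.supabase.co/auth/v1/callback/";
console.log(JSON.stringify(checkRedirect(sampleSent, sampleAllowList), null, 2));
```

The closest allow-list entry is listed first, so the top finding is usually the setting that was meant to match.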
The Tutorial Trap
There isn't just one way to do OAuth. Depending on whether you're using Expo Router, PKCE flows, or an older version of Supabase, the "correct" answer changes. AI often suggests a fix that is technically perfect but belongs to a completely different version of the problem.
The Runtime "Ghost in the Machine"
Auth is a sequence of events: opening a browser, logging in, and redirecting back. If the app handles the link twice or loses memory between steps, the results feel "haunted." AI doesn't observe this sequence—it only sees the code you provide.
When the Problem Becomes Personal
After a few days of going in circles with these issues, I began questioning myself rather than the problem. The temptation wasn’t just to switch tools—it was to abandon the project altogether.
But after a good night’s sleep, something shifted. Instead of diving back into code, I zoomed out one level and asked a different question:
What if this isn’t a reflection of my ability — but a limitation of AI that I didn’t yet understand?
That reframing was liberating. I began to try to understand the whole picture of different moving parts. My questions to AI became more intelligent, and that helped me to get unstuck and understand everything more deeply.
The Takeaway
AI is strong when the problem is contained in code and there is one deterministic path. OAuth is hard because the problem is mostly configuration, and the failure points are in the "seams" between vendors. AI is still incredibly helpful, but I just needed to understand its boundaries.