> What am I missing here that makes this a better fit?
From a cursory read, the answer is "it doesn't".
The blogger puts up a strawman argument to complain about secret management and downloading SDKs, but the blogger ends up presenting as a tradeoff the need to manage public and private keys, key generation at the client side, and not to mention services having to ad-hoc secret verification at each request.
This is already a very poor tradeoff, but to this we need to factor in the fact that this is a highly non-standard, ad-hoc auth mechanism.
I recall that OAuth1 had a token generation flow that was similar in the way clients could generate requests on the fly with nonces and client keys. It sucked.
Spot on. The burden and complexity of that cryptographic signing on the client is exactly what OAuth2 was created to avoid. Thanks for making that connection.
We are investing literal hundreds of billions into something that is looking more and more likely to flop than succeed.
What scares me the most is we are being steered into a sunk cost fallacy. Industry will continue to claim it is just around the corner, more and more infrastructure will be built, even underground water is being rationed in certain places because AI datacenters apparently deserve priority.
Are we being forced into a situation where we are invested too much in this to come face to face with it doesn't work and it makes everything worse?
What is this capacity being built for? It no longer makes any sense.