I'm crazy about Replit, 6 of 7
Now it's the AI that's going crazy
Original: https://aprenent.substack.com/p/mhe-flipat-amb-replit-6-de-7
This is the continuation of the post: https://thelearningrub.substack.com/p/im-crazy-about-replit-5-of-7
Luckily, although I would say unfortunately, I have implemented many “Google Login” in my life and I immediately saw that the steps it suggested me to take to get Google credentials were mistakes, failures, and in my eyes, a complete failure. This is a complete crap from the Agent, to the level that we could categorize it as hallucination. Why?
1 No need to enable the Google+ API
2. OAuth 2 credentials are not created just like that, you have to go through 3 or 4 configuration screens and set what you need and there is a maze of permissions that if you don't need them it's better not to touch.
3. And to top it off, it tells you to put a redirect localhost
Warning : I'm not 100% sure about the third one, I think it's allowed in development environments, which "theoretically" where I was is one... but this runs in the Replit cloud, you wonder if Google was able to return the OAuth call there indicating localhost...
I don't know how the Agent generates this recommendation, whether it makes it from scratch or has a RAG or consults common actions, either way it is incorrect. Here a non-technical person can be blocked indefinitely, not only because OAuth is usually a Christ, but because if on top of that, they give you a bad manual, you've drunk oil.
To top it all off, Replit's own people have some awesome documentation on how to implement a Google Login with Python: https://docs.replit.com/additional-resources/google-auth-in-flask , man! Reference your own content before inventing it, you devil's twat! Or refer to the official documentation for the corresponding service (warning to browsers, Google's technical documentation is the worst, to put it mildly).
In fact, I used this Replit documentation to go through the fresh step-by-step process of configuring OAuth and once I had the credentials I gave them to the Replit Agent. Then we got to this point:
Oops an image that doesn't load? It turns out that the Agent was linking directly to an image of the Google logo on WikiMedia, congratulations son. The best part is that at that time all of WikiMedia was down (I don't think it was my fault haha) so I don't know if WikiMedia had blocked me directly or maybe from the private programming environment it wasn't accessible. In any case, I had to download an image myself and link it manually, because I wasn't going to spend a few cents for it.
I assume that the Agent does not have the ability to download things autonomously, that are not Pip or NPM dependencies, and of course, then these things happen, and luckily, because if it had worked, I could still have calmly published with this unwanted external link and any random day they cut off my water supply.
I had another problem, and that was that, at the end of the day, Google was telling me that you're going to shave me tomorrow, I was going to connect to them from the development environment, I got banned and I couldn't even see the Google login screen.
Another one of those moments of total block for a non-technical person. I quickly figured out that if I wanted to test Google Login, I had to deploy to the open internet.
The deployment in Replit, like silk, a button, you choose the type of deployment and in two or three minutes you are in the air. Having done that, the Google login was already working for me, then it gave me the callback redirect_url, but with a classic tug-of-war I got it going.
I already had a trusted authentication system in the application. Here the Agent fell very short for me, but I will not deny that it made it a lot faster. Normally, when you are in very closed development environments and you have to take the steps to make something like this work, you have to mess around with infrastructure and cloud issues, there is always some hidden and random permission that makes things not work. Replit's "automatic" cloud solves all this for you, they are not, but pioneers in this, but it is appreciated that they are at the state of the art of DevOps.
But I had another setback, having Google Login was cool, however… now I could only do tests on the open internet and doing deployments, because my application required a Google Login that only works “outside”. Let’s add more complexity, let’s make sure that if I’m developing in Replit, I don’t skip the Google Login, trivial right? No way.
In fact, out of inertia and because I was already beginning to distrust the Agent, I asked o1 directly.
The thing is that here o1 also failed, combined with the fact that I am not super familiar with Flask/gunicorn, although the recommendations seemed appropriate, in the Replit environment it did not work. Between o1 and o1-mini we tried using variables in the app.config when starting the web app, environment variables... but nothing was working in Replit, so, once again I had to put on my "expert" hat, go through the LLMs and look into the matter a bit.
In the end this must have been like a Docker and I found in the Replit code files some “.replit” configuration files that looked very similar to a Dockerfile and there you could see how the gunicorn run was configured. With this file and the nuance that I have in Replit, then o1 redirected and recommended me to configure in the Replit Secrets the environment variable that would discriminate the environment to do or not do Google Login later. And then I saw that in Replit you can configure in a very elegant way that a Secrets variable has a value for your development environment and another for the deployment, so I already had everything I needed to set it up.
Surely a person with all this more at hand would have solved it quickly, I learned it quickly, and in some way it serves as an example of how with Replit + o1 + incomplete knowledge, you can reach the desired solution at a good speed.