The r/webdev subreddit has been drowning in AI-related posts lately, and honestly, the frustration is justified. But buried under the noise is a real question worth answering: should you let AI generate your authentication code, or should you use a managed auth service? I've been on both sides of this. Last month I watched a junior dev paste a ChatGPT-generated JWT implementation into a production app. It looked correct. It even had comments. But it was storing tokens in localStorage with no rotation strategy and the refresh logic had a race condition. That's the kind of thing that keeps me up at night. So let's actually compare these approaches with real code and real tradeoffs.…