This whole thing got blown out of proportion because the devs of third party harnesses that use the oauth API never disclosed that they were already actively sidestepping what is a very obvious message that the oauth API is for Claude Code only. What changed recently is that they added more restrictions for the shape of the payloads it accepts, not that they just started adding restrictions for the first time.
TLDR You cannot reverse engineer the oauth API without encountering this message:
https://tcdent-pub.s3.us-west-2.amazonaws.com/cc_oauth_api_e...
There's also a meta aspect here, where the leading third party harness in this discussion is run someone who's chronically steeped in Twitter drama and is definitely not rushing to put this to bed.
Add in various 2nd/3rd place players (Codex and Copilot) with employees openly using their personal accounts to cash in on the situation and there's a lot of amplification going on here.