The author mentioned that (1) they have had many poor experiences with Wells Fargo and (2) they don't have much experience with Apple but the experiences they have had weren't positive. I personally have had to deal with my fair share of janky and badly designed support systems (especially in health and banking), sometimes they are worse than startups. So it's not outside the realm of possibility that giving the support rep the auth code was simply the best solution they could find given whatever poor and legacy systems they had in their backend.