Thanks for that, I agree simple password authentication doesn't require a library, but there are still pitfalls and mistakes so I don't mind encouraging libraries as at least there is (for the popular libs) some responsibility taken for quality of implementation, and things like password reset mechanisms etc.

As you mention handling multiple Oauth providers and stuff that is usually not worth the effort without a library, but anyway. Just looking out for people like the younger me (who would probably have tried to roll out things they shouldn't have, naively).