I understand people use these logins, but I'm not trusting a third-party login to gate access to anything I might miss. It's already annoying enough that there are virtually no access guarantees for a service, but to add a second point of failure is a risk I'm not going to take if I have any fear of losing access. For something like TikTok where I can download the recipe videos the risk is appropriately low, but that's the only place I can think of off the top of my head where I actually use a login provider.

Plus, it offers very little convenience for users vs just using a password manager. I realize figuring out the right bcrypt/datastore setup is kind of annoying, not to mention opening you up to liability, but it's always been worth it to me in the past.

While I generally agree with your comment, a lot of people actually use it because they don't use a password manager and it's more convenient then.

One additional benefit to having OAuth2 support though is that you can easily set up SSO if needed (and you don't care about SAML or other SSO protocols). For me personally this will be useful for an NGO that I'm running where we have Google Workspace effectively serving as a Single Sign On server.

> Plus, it offers very little convenience for users vs just using a password manager.

It definitely does - the sign-up process is much quicker with oath2.

Once you're signed up, sure.