
Email+password, JWT tokens. Nothing fancy.





Generally this. There are obvious reasons you might need to use OAuth2/OIDC... but for side projects, I really don't get why people are so opposed to storing a bcrypt or argon hash, and keeping a session table or using a JWT. I can see "never rolling your own auth" if that meant using your own hand-rolled crypto libraries, but somehow it seems to have become "you must pay for a service or use some magic library".
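
The setup discussed in this thread (a stored password hash plus a session table), as an added example that is not part of the thread or any commenter's code. It uses Python's standard-library scrypt as a stand-in for bcrypt/argon2, which need third-party packages; the table layout, function names and one-hour session lifetime are assumptions.

```python
import hashlib, hmac, secrets, sqlite3, time

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # stdlib KDF standing in for bcrypt/argon2
SESSION_TTL = 3600                          # seconds; assumed lifetime

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("CREATE TABLE sessions(token_hash BLOB PRIMARY KEY, email TEXT, expires REAL)")
    return db

def _kdf(password, salt):
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def _token_hash(token):
    # Only the SHA-256 of a session token is stored, so a leaked table holds no usable tokens.
    return hashlib.sha256(token.encode()).digest()

def register(db, email, password):
    salt = secrets.token_bytes(16)  # per-user random salt
    db.execute("INSERT INTO users VALUES (?,?,?)", (email, salt, _kdf(password, salt)))

def login(db, email, password, now=None):
    now = time.time() if now is None else now
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email=?", (email,)).fetchone()
    # Unknown users still cost one KDF run, so response time does not reveal who exists.
    salt, stored = row if row else (b"\0" * 16, b"")
    ok = hmac.compare_digest(_kdf(password, salt), stored)  # constant-time compare
    if not (row and ok):
        return None
    token = secrets.token_urlsafe(32)  # opaque random token, returned to the client once
    db.execute("INSERT INTO sessions VALUES (?,?,?)",
               (_token_hash(token), email, now + SESSION_TTL))
    return token

def whoami(db, token, now=None):
    now = time.time() if now is None else now
    row = db.execute("SELECT email FROM sessions WHERE token_hash=? AND expires>?",
                     (_token_hash(token), now)).fetchone()
    return row[0] if row else None

def logout(db, token):
    # Server-side revocation: deleting the row ends the session immediately.
    db.execute("DELETE FROM sessions WHERE token_hash=?", (_token_hash(token),))
```
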


