SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Interesting, the oauth way would probably be the safest way to go. Have you thought about the feature request at all? I understand that there are much more important things to do but just wondering if you've thought of a solution. For example if you know that you will add oauth to support the feature then I'll just implement oauth on my end and swap it later