SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Out of curiousity, is there a way to secure API endpoints by using a server to server login + session?  Just started wading through (the really excellent, btw) documentation but have not seen a reciepe for that scenario, only for user login. Pure session assumes frontend already authenticated but how would you guys implement something similar to say Okta's OAuth? https://developer.okta.com/docs/guides/implement-oauth-for-okta/request-access-token/