In my eyes, that felt like something that should be separate from any given app or back end API, so in my case I use mod_auth_openidc: https://github.com/OpenIDC/mod_auth_openidc with Keycloak: https://www.keycloak.org/

My back end/app just gets a few headers that say who an authenticated user is, if they are logged in. When I need to log in or create a user, I can just direct them to the Keycloak SSO portal, where they can also use social login.

It's using OpenID Connect without the insanity of dealing with the low level logic. And the Relying Party implementations work across any technology, be it PHP or Ruby, Node, Python or anything else (a simple auth filter that checks the headers is trivial across all of them).

Seems like almost no Node framework has this out of the box. Maybe AdonisJs, but I think you still have to create login and signup page templates yourself (and password reset forms, etc.). It's probably because Node is used to back self-designed SPAs, but it's still a bit of a bummer for getting a new idea off the ground quickly.