Some articles like [1], [2] seem to share the opinion that OAuth should be used in its traditional use case: "Granting an application access to the resources of a user/resource owner or to do actions on behalf of the resource owner"
[1] https://dzone.com/articles/oauth-20-vs-session-management
[2] https://www.ory.sh/hydra/docs/concepts/before-oauth2
At the same time I know that SaaS like Okta, Auth0 etc. are often used to solve the problems of authentication or session management. But those services do use OAuth 2.0.
At the same time there are solutions like SuperTokens or Ory Kratos that do not use OAuth 2.0.
Honestly: I am very confused about which solution is the best regarding security and ease of deployment.
For context, we're building Saasform as a "secure infra" for SaaS with auth+payments. The idea is to deploy a microservice to handle auth but consider it a 1st party (wrt solutions like Auth0 that would act more like a 3p).
Here I have a guide that goes through some details. You may want to check the notes about SAPs. https://docs.saasform.dev/start/integrate-user-authenticatio...
We're the authors of the dzone article amongst others that you can find on our blog (supertokens.io/blog) on similar topics.
The reason Okta, Auth0 use OAuth 2.0 is because they are considered 3rd parties to your own backend. The user logs in to Okta / Auth0 as the IdP and then they provide your app access to their backend to access the user's information.
With SuperTokens, the user is signing into your own backend as opposed to a 3rd party and hence OAuth is not required. Hope this answers your question!
users <-> frontend, use OAuth