default
Username + password + Sign in. Submits to /auth/login.
with-csrf
Hidden CSRF token passthrough for session-protected endpoints.
email-autocomplete
Email-as-username flows — swap autocomplete hint so browsers fill the right credential.
prefilled-username
After a failed attempt, server can re-render with the username pre-filled. Password field stays empty by design — browsers autofill via the autocomplete hint.