One SDK, 10 minutes of your time, and you can bootstrap passwordless auth for your single-page app. With one SDK, you get all the flows: one-click,...
For further actions, you may consider blocking this person and/or reporting abuse
I have only one another requirement - authenticated API calls, with/without user credentials.
Thank you for your time taking a look. Do you mean you have an API and you want to protect it with oAuth? Is that the use case?