Gusztáv Varga
Well, you don’t need that login, strictly speaking. Core OAuth 2.0 and OIDC has nothing to do with authenticated sessions, as it’s not their concern 
They only care about delegated authorization and authentication.
I think the OAuth 2.0 intro sums it up nicely: https://tools.ietf.org/html… The key is who trusts what initially.
This article describes why this is not enough purely for authentication: https://oauth.net/articles/…
Then you can add e.g. session management on top of all these: https://openid.net/specs/op…
Most of the implementations out there solve all these problems in a single entity, but I think it is important to see that these are very different use cases, even if somewhat related.