I think auth is complicated outside of browsers too. But browsers do make some things uniquely confusing, especially cookies and general security primitives are full of footguns

Not who you're replying to but browsers do way too much. Load the code you're given and don't do anything else.

FedCM might be of interest to you. It's one effort to make browsers do more around authentication.

Wrote an article about that here: https://fusionauth.io/articles/authentication/fedcm (hosted at my employer's website)