Using the credentials provider let you use your own logic, conditions, etc, if you return a valid user object solid-auth will update the session accordingly, any thrown error will be thrown on the client side and the server will result in 401.