Using standard protocols like OIDC/OAuth 2.0 lead to a decoupling of user authentication and authorization. The main responsibility shifts from the application to the identity provider/authorization server so in general the place where authentication credentials are collected should also be the IdP and not the application. In addition, the hosted login page can be fully customized, including using Angular (although it may be an overkill) as you can still have consistent branding without having to implement the hosted login page in Angular.