Notice: non-operational training asset. Every tile below is static markup representing a distinct
login-page implementation pattern (not a specific vendor or brand) for attack-surface / EASM detection
testing. There are no working endpoints, no data capture, and no executable authentication logic anywhere on this page.
S
login pattern gallery
login.sigre.xyz — tiled samples of how login surfaces get implemented, for classifier / crawler coverage testing
non-operational · v1.0-train
▮
Classic form POST
server-rendered / non-JS
Traditional HTML form submitted directly to a server-side auth route.
{ }
AJAX / JSON API login
fetch → /api/auth
Client-side script posts credentials as JSON to an API endpoint, no page reload.
POST /api/auth/login
Content-Type: application/json
→
OAuth / SSO redirect
302 to external IdP
No local credential fields — button initiates a redirect to a third-party identity provider.
redirects to /oauth/authorize?...
✉
Magic link
passwordless / email token
No password field at all — a one-time sign-in link is emailed to the address entered.
1/2
Multi-step (identifier-first)
email step → password step
Identifier collected first; password field only renders after a "Next" step.
#●#
OTP / MFA step
6-digit code, post-primary-auth
Second-factor challenge presented after a primary credential step succeeds.
🔑
Passkey / WebAuthn
navigator.credentials.get()
Authentication delegated to a platform authenticator instead of a typed credential.
no password field present on this pattern
401
HTTP Basic-style prompt
browser-native auth dialog look
Mimics the OS-rendered dialog triggered by a WWW-Authenticate: Basic challenge.
A username and password are being requested by sigre.xyz
🔑••
API key / bearer token
developer / service auth
Service-to-service or CLI login using a static key instead of interactive credentials.
▣
Embedded iframe widget
third-party widget pattern
Login UI loaded inside a framed widget embedded by a parent page, common with hosted auth SDKs.
<iframe src="/widget/login">
☑
CAPTCHA-gated login
bot-challenge in front of auth
Standard credential form with a bot-detection challenge gating submission.
▧
Numeric PIN (kiosk/device)
shared-device / point-of-sale style
Short numeric PIN entry typical of kiosk, POS, or shared-device login surfaces.