Initially it was LOGIN and auth_method was used to differentiate how the user authenticated.

Then it was changed to IDENTITY_PROVIDER_LOGIN.

Now it seems to be back to LOGIN.

This is rather messy! Why has it been changed so much?

IMO it should as it was initially (LOGIN with auth_method). We also need to make sure identity provider id and sub is included. The latter is missing at the moment.