you don't need to use their library - check the implementation, it's just a few lines of code

You literally just sign an event and stick it in the auth header. This proves to backend that you control the private key, and that you are logging in to X website at X time.

This approach works with all signing mechanisms (nsecbunker, extensions, local key, signing device).