The only reason probably if some accounts already have a password and you want to support it. If you're building a new app, I'd also go for WebAuthn / passkeys-only and use some other passwordless method (e.g. social login/OIDC or email magic links as fallbacks)
I've used jwt with react, making sure to secure the token properly. In my next project I want to use openid so users don't have to manually create a new account.
IMO it's almost always good to offer some OIDC social login, just depends what provider your users use.
- https://github.com/ory/kratos