Absolutely wild take. Auth is most definitely not simple, nor are best practices well known, based on number of auth-related vulnerabilities published.
I guess everyone outside of the JS ecosystem, that has auth baked into the framework for decades, is just doing it wrong and riddled with hackers in their systems?