IMO it is insane to implement Auth on your own in almost all real life use cases.
You wouldn't roll your own crypto either.
Good for learning but for real users use something that is tried and tested.
Implementing auth is nowhere near as risky as implementing crypto. The argument against doing it should mainly be from practicality. Even if you only need a basic auth scheme and not a complex net that must integrate with other services, even though such basic schemes can be done in an afternoon from scratch without problems, it can be done in even less time just using one of the bigger-than-you-need libraries for it. Sometimes it's just a few lines in an XML config. Though still, arguments for minimizing dependencies (especially frequently updating ones, which are more likely the bigger the thing is) can overrule that, case-by-case.
