Authentication is a difficult problem to solve if you're doing it for more than one app. In addition, many auth solutions aren't secure front to back (usually only on the front side). Developers tend to be poor at writing proper security solutions on the whole - so having independent security practicioners have input is worthwhile (eg: open source, or enterprise) IMHO.