Although in the case of authentication, Rails has dropped the ball for over a decade on providing an out-of-the-box solution. Practically everyone uses Devise.
Even though the maintainers have pretty much said to use anything else!
I'm guilty myself. I know how Devise works, including all of its quirks, so I refuse to learn something new. I don't think Rails will ever have a built-in authentication solution. But I would love to see more official support for something a bit "lighter" than Devise. And that works out of the box with Turbo.
I believe the maintainers regard authentication, rightly or wrongly, as a business-level feature. Not so much the mechanics of checking a user's credentials but how you want to steer the different authentication flows.
