As someone who has been at a company where for various reasons, we decided to "roll our own auth", I would have to disagree here. Don't reinvent the wheel if you can avoid doing so.
I would never suggest "roll your own", but every web framework I have ever used generally has a library that is the go to battle tested auth implementation and just requires adding a few columns and/or tables to your database.
