How did you evaluate the auth implementations? In my experience it's about as hard to poke holes into something as it is to fix it. Besides, a custom auth implementation doesn't need to be best-in-class, it needs to just be good enough.