
I had a simple Flask app that needed auth so I wrote my own, and I wouldn't quite call it simple. There are so many security concerns. What password hashing algorithm to use (PBKDF2, bcrypt, scrypt, etc.). Even the password reset mechanism can be an attack vector if the one-time login URL is generated poorly and an attacker can generate a large volume of password reset requests.
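
An added example, not part of the comment above: one way to handle the two reset concerns it raises, using an unguessable single-use token and a per-account cap on reset requests. The `ResetTokens` class, its in-memory storage and the TTL and limit values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60      # assumed: reset links stay valid for 15 minutes
MAX_REQUESTS = 3         # assumed: reset requests allowed per account per window
WINDOW = 60 * 60         # assumed: rate-limit window of one hour


class ResetTokens:
    """Hypothetical in-memory store; a real app would keep these rows in its database."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}    # user_id -> (sha256(token), expiry time)
        self._requests = {}   # user_id -> timestamps of recent reset requests

    def issue(self, user_id):
        """Return a fresh token, or None when the account is rate limited."""
        now = self._clock()
        recent = [t for t in self._requests.get(user_id, []) if now - t < WINDOW]
        if len(recent) >= MAX_REQUESTS:
            self._requests[user_id] = recent
            return None
        self._requests[user_id] = recent + [now]
        token = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        # Only the hash is stored, so a leaked table does not yield usable links.
        # Issuing a new token replaces (invalidates) any older one.
        self._pending[user_id] = (digest, now + TOKEN_TTL)
        return token

    def redeem(self, user_id, token):
        """True exactly once for a valid, unexpired token."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        digest, expiry = entry
        supplied = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(digest, supplied):   # constant-time compare
            return False
        del self._pending[user_id]              # consumed, even if already expired
        return self._clock() <= expiry
```

The reset URL would carry the returned token, and the response to the requester should be the same whether `issue` returned a token or `None`, so the limit does not reveal which accounts exist.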

