You can also have an AUTH library coded against an interface, a protocol - and then use it with may different frameworks. I am convinced that this can be made practical if you choose the interfaces carefully. I have actually coded an auth lib against the PSGI interface (in Perl it is an equivalent of WSGI) plus a few virtual functions to be implemented in subclasses as connection to the storage database: https://github.com/zby/Plack-Middleware-Auth-Form