As soon as a self-taught-dev can't write this anymore and auth is fully in the hands of only big corps, I'm pulling the plug.

Yes, a self-taught-dev should not write their own hashing-algorithms and so on, sure. But if Oauth2 is so complicated and hard to get right (and test), well then maybe the standard isn't so great.