It is not that it is complicated, just that it is generic. It assumes nothing about your web server, if you even use a web server, or anything of the sort. It is a general library to handle essentially any form of auth, such as I use Google Auth and I built an LDAP auth that is used in mine through ueberauth, I’ve not seen that being possible in any other library yet. If you need the power then it is very nice. If you are making a simple sign-up site with no external links then eh, not needed.
As for Guardian, it is an awesome JWT library, and I use it for sockets and API endpoint, I ‘barely’ use it in my app (just as a ‘holder’ for a better lookup) and I instead use my PermissionEx library with the Canada library for permission handling in pages.