Uhh, but guardian doesn't handle authentication. o.O
Things like Ueberauth (any form of authentication) or Coherence (identity authentication only, but lots of templates pre-built) is generally what is used.
Guardian can pass authentication or authorization information (or not, or other information, or whatever) between servers that do not share the same security information. If you only have one server, or the servers share the same security information, then there is absolutely no point to using Guardian, just use Phoenix.Token as its already built in, smaller, faster, more efficient, easier API, etc...
In essence, if you don't know what JWT is or you don't need it, then Guardian is not useful (and use Guardian handles more than just JWT now, but similar styles, if you still don't know what JWT is, you don't need Guardian).
I am curious though, where are you getting the 'handle the authentication' part of Guardian from, it does no username/password validation, no OAuth, no anything of the sort, it is just a JWT-based information storage library. The information you store in it you have to get from somewhere else anyway.