Not in my experience; basic session auth is easy enough, and oauth has been around for a while now.

What keeps giving though is CRUD. Naming things, forms, APIs, persistence, every time, rinse and repeat.