Why does CI doesnt include Auth library?

A notable addition to what @skunkbad said:

That doesn't mean you should write the entire thing on your own. Security is hard and it is very likely that you will screw it up. But it is a need better served by third-party packages - you simply pick one that would best serve your use case.

And as a side note, this "Auth" short-hand that everybody uses adds a lot of confusion when you try to dive into this problem, because it can refer to two closely-related, but ultimately different things - authentication and authorization.

Authentication is "are you who you say you are" - credentials verification
Authorization is "are you allowed to to X" - permissions, roles, etc. (what's commonly referred to as ACL)

Authentication methods have a lot of low-level technical implications and each different solution is very different.
Authorization, in this context (it can also mean other things), is almost pure business logic and all strategies for it are very similar, but key details make drastic changes. Just think about user-based vs group-based permissions - sounds and looks almost the same, but if you try to implement both as options in a single package, it's not at all that simple.