In a perfect world a solid gem would be extremely popular,
well-documented, maintained and updated frequently, and serve a purpose
that isn't short lived. It also needs to be flexible.
In the case of devise, it has few bugs and fits all of the criteria
However, in terms of overhead, the type of project you are going to be
working with may not require all of its features. Is it better to build
your own authentication and understand every nuance of code you've
implemented? Does it give you 100% flexibility? Certainly. But, make
sure you know what you are doing also.
It's one thing to be stuck in a black box and quite another to bury
yourself in cement.