Some have tried working on this. Authentik even developed a hack to make it work with HomeAssistant. Unfortunately the core devs of HomeAssistant have historically viewed external auth as a niche feature that users don't care about.^[https://github.com/home-assistant/architecture/issues/832#issuecomment-1328052330] Not sure if that is still the case, but until that mentality changes we are stuck with native auth because PRs are just going to get denied.
I think this post pretty much sums it up:
In 2024, Home Assistant sticks out like a sore thumb among FOSS projects for its lack of modern authentication and authorization.
Don’t forget the 20% mandatory gratuity!