Authorization and Authentication are hard. when you only have to implement them once (as you do within a monolith) instead of over and over again, it makes the developer happy :-), and maybe leads to less implementation failures.
When you have a bunch of microservices, this is something that has to be considered.
Implement it once or in every microservice, or something in between?