Basics :

Nowadays, to reduce the burden of logging into many platforms separately, companies implement standards such as OAuth, OpenID Connect and SAML to get secure, standardized authentication and authorization flows.

Also, remember the difference:

Authentication is “confirming who a user is”

Authorization is “confirming what a user can do”

Authorization is normally governed by access-control models such as DAC, RBAC, ABAC and MAC.

RBAC is the model most commonly used in web apps; it relies on roles to grant users different permissions. Some common techniques used to break authentication are brute forcing, manipulating tokens such as JWTs, exploiting weak encryption, and stealing tokens or passwords exposed in a URL.

OAuth : A standard protocol implemented to allow secure authorization and delegation of access between different web services.

SAML is an XML-based open standard for exchanging authentication and authorization data between identity providers (IdPs) and service providers (SPs).

JWTs

JSON Web Tokens are a way of formatting data securely, using JSON Web Signature (JWS) or JSON Web Encryption (JWE) to protect the data the JWT contains. In web apps we mostly use JWS. Two additional standards make up the JWT family: JSON Web Key (JWK) and JSON Web Algorithm (JWA). JWK defines a JSON data structure for cryptographic keys, while JWA defines the cryptographic algorithms used with JWTs.

A JWT comprises three parts : the first is the header, the second is the payload, and the last is the signature.

Header : This part contains metadata, such as which algorithm is being used and what type the token is (normally set to JWT). It can of course contain more information as well.

Payload : This is the information stored in the middle of the JWT. It contains the claims, which are either standard (registered) claims or ones defined by developers, like user, isAdmin, etc.

Signature : This is computed over the JWT's header and payload with a secret signing key, using the algorithm specified in the header.
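As an added example (not part of the original notes), here is a minimal HS256 JWS signer and verifier written with only Python's standard library. It builds the three parts described above (base64url header, base64url payload, HMAC-SHA256 over the first two joined by a dot) and, on the way back in, checks structure, pins the expected algorithm, compares the signature in constant time and enforces the exp claim. The secret key, the claim values and the helper names are constructed for this demo and are not from the page.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; a real deployment loads a high-entropy key from a secret store.
DEMO_KEY = b"constructed-demo-secret-do-not-reuse"


class InvalidToken(Exception):
    """Raised when a token fails structural, signature or time checks."""


def b64url_encode(data: bytes) -> str:
    # JWTs use base64url without padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # Restore the padding that compact JWT serialization strips.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    """Build header.payload.signature for an HS256 (HMAC-SHA256) JWS."""
    header = {"alg": "HS256", "typ": "JWT"}
    header_b64 = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(signature)}"


def verify_hs256(token: str, key: bytes, now: Optional[int] = None) -> dict:
    """Return the payload only if the token is well-formed, correctly signed and unexpired."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # covers bad base64 (binascii.Error) and bad JSON
        raise InvalidToken(f"malformed segment: {exc}") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise InvalidToken("header and payload must be JSON objects")
    # The header arrives as untrusted input: the verifier pins the algorithm it
    # expects rather than letting the token decide how it is checked.
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg in header")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so the signature check does not leak timing information.
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("signature mismatch")
    now = int(time.time()) if now is None else now
    exp = payload.get("exp")
    if exp is not None and (not isinstance(exp, int) or now >= exp):
        raise InvalidToken("token expired or exp claim malformed")
    return payload


def verification_fails(token: str, key: bytes, now: Optional[int] = None) -> bool:
    """True if verify_hs256 rejects the token, False if it accepts it."""
    try:
        verify_hs256(token, key, now)
    except InvalidToken:
        return True
    return False


if __name__ == "__main__":
    # Constructed claims: a subject, a developer-defined isAdmin flag and an expiry.
    token = sign_hs256({"sub": "alice", "isAdmin": False, "exp": 2000000000}, DEMO_KEY)
    print(token)
    print(verify_hs256(token, DEMO_KEY, now=1700000000))
```

The verifier deliberately decides the algorithm itself and treats the header only as something to check, which is the opposite of trusting whatever the token says; any claim such as isAdmin should be read only from the payload that verify_hs256 returns, never from a token that has not passed it.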

Common Attacks :