Authentication and authorization can be daunting topics for many developers, including those of us working in the landscape of web apps. Jargon and acronyms (OAuth, OIDC, JWT, IETF)? How does cookie-based authentication work? How does token-based authentication work? New SPA authorization best practices?! What are the shortcomings and advantages we need to consider when adding authentication to browser-based applications? I’ll demystify the terminology and concepts of authentication and authorization and talk about how modern web application security can be implemented easily with authorization servers.