I don't know of any, but here are the resources I've found useful as I've worked in the space (disclosure: I work for an auth vendor, FusionAuth).<p>* Solving Identity Management In Modern Applications is a great book offering an overview of the entire identity process, including provisioning (adding users), authentication and more. I read and reference the 2019 edition; don't have the 2023 edition but expect it is just as good: <a href="https://link.springer.com/book/10.1007/978-1-4842-8261-8" rel="nofollow noreferrer">https://link.springer.com/book/10.1007/978-1-4842-8261-8</a><p>* OAuth2 In Action walks you through building an OAuth2 server from scratch (in JavaScript). You'll learn about the fundamentals of tokens, clients, registration, and more. Very accessible. <a href="https://www.manning.com/books/oauth-2-in-action" rel="nofollow noreferrer">https://www.manning.com/books/oauth-2-in-action</a><p>* The Security Engineering Handbook is great for foundational security knowledge, like 'What does a hash look like, and what makes a good hashing algorithm' as well as a lot of broader security topics: <a href="https://www.cl.cam.ac.uk/~rja14/book.html" rel="nofollow noreferrer">https://www.cl.cam.ac.uk/~rja14/book.html</a><p>* FusionAuth's vendor-neutral articles: <a href="https://fusionauth.io/articles/" rel="nofollow noreferrer">https://fusionauth.io/articles/</a> .
I'd especially call out these two: The Modern Guide to OAuth, which walks through the multiple different ways the OAuth 2 authorization framework can be used: <a href="https://fusionauth.io/learn/expert-advice/oauth/modern-guide-to-oauth" rel="nofollow noreferrer">https://fusionauth.io/learn/expert-advice/oauth/modern-guide...</a> (previous HN discussion: <a href="https://news.ycombinator.com/item?id=29752918">https://news.ycombinator.com/item?id=29752918</a> ), and the Math of Password Hashing: <a href="https://fusionauth.io/learn/expert-advice/security/math-of-password-hashing-algorithms-entropy" rel="nofollow noreferrer">https://fusionauth.io/learn/expert-advice/security/math-of-p...</a><p>* The Beer Drinker's Guide to SAML is a great resource for understanding this (still) critical standard, plus just a fun read: <a href="https://duo.com/blog/the-beer-drinkers-guide-to-saml" rel="nofollow noreferrer">https://duo.com/blog/the-beer-drinkers-guide-to-saml</a><p>* The RFCs and BCPs (as mentioned). I've also learned a lot by lurking on the OAuth mailing list, which is freely available: <a href="https://mailarchive.ietf.org/arch/browse/oauth/" rel="nofollow noreferrer">https://mailarchive.ietf.org/arch/browse/oauth/</a><p>* The Identity Unlocked podcast with Vittorio Bertocci (RIP). This is not about the basics at all, but is a deeper dive into the dev-focused side of authentication, and will give you great pointers for more reading: <a href="https://identityunlocked.auth0.com/" rel="nofollow noreferrer">https://identityunlocked.auth0.com/</a><p>* The OWASP guides are good but specialized.
See for example: <a href="https://owasp.org/API-Security/editions/2023/en/0xa2-broken-authentication/" rel="nofollow noreferrer">https://owasp.org/API-Security/editions/2023/en/0xa2-broken-...</a><p>* I have a Substack where I talk about aspects of customer identity and access management that I think is pretty good :) : <a href="https://ciamweekly.substack.com/" rel="nofollow noreferrer">https://ciamweekly.substack.com/</a><p>I think this would be a great LinkedIn Learning, Udacity or Coursera course, but didn't see anything when I searched there. I've put together courses before and it's a ton of work, but hmmm, maybe it'd be fun to do for this topic.<p>Edit: corrected spelling of Vittorio Bertocci's name.