There’s some pretty common advice that, as a Jr. Developer, “You shouldn’t build your own auth system.”

I entirely disagree. You should build it once, from as close to the metal as is reasonable, with the most up-to-date tutorial you can find, and do it again, and maybe again, until you understand it. Then, when you start bolting on authorization libraries, you’ll have a good idea of how the whole thing works under the hood.

Security topics are generally fascinating anyway.

On that point, After Academy has an article about JSON Web Tokens.

You must have heard the proverb that “One leak will sink a ship”. So, in this blog, we will learn to design how to make our backend services non-sinkable. I will also share my experiences with creating secure web APIs over the years and point out the critical things that must be taken care of in the security design.

