Things to look at here:
CORS demonstrator
SHA or MD5 hash, or HMAC
Base64 encoding/decoding
JWT creator/verifier
HTTP Signature
RSA/EC keypair generator
Time-based One-Time Password
Google Signin Widget
openid-connect
reCAPTCHA
PKCE OAuth v2.0
apigeelint
oauth1.0a
Fooling around
Tile sliding puzzle