Things to look at here:

• OpenID Connect
• JWT creator/verifier
• CORS demonstrator
• SHA or MD5 hash, or HMAC
• Base64 encoding/decoding
• HTTP Signature
• RSA/EC keypair generator
• Time-based One-Time Password
• Google Signin Widget
• reCAPTCHA
• PKCE OAuth v2.0
• apigeelint
• oauth1.0a

Fooling around

• Tile sliding puzzle