Basic auth is easy.
The hardest parts are OAuth, SSO, MFA, OWASP Security, tracking metrics correctly. Good lord.