One thing I did early on, that I would highly recommend, is picking up a Security+ study guide book and reading it. I recommend a digital copy, since it's easier to ignore the fact that the book is quite large. Even if you never do the certification (I haven't), the Security+ curriculum gives a really nice broad overview of a ton of the concepts involved and how they're used practically. From there, as a few others have mentioned, it's hard to beat reading some of the specs for OAuth2, OIDC, SAML, etc., to understand how the primitives are woven together and what the different terms mean.