pick an outcome you wish to achieve, break it down into subtasks, then work on them one by one.

After completing each subtask, review and re-prioritize the task list

As you go along, more tasks will come up that need to be added to the list

Edit: perhaps the hard bit is coming up with a thing to achieve? There are some examples in the other comments, such as setup xxx to auth with yyy

> perhaps the hard bit is coming up with a thing to achieve

it is. I don't need a full 2FA TOTP AD integrated SSO for my personal NextCloud instance.

The only way to understand it outside of a job task is to make it for my personal NC instance with usercount of one

that’s fine! There are also plenty of charities that would benefit from your help. I used to volunteer to do IT work for the red cross.

TL;DR be curious and scrutinize

When you want to learn something, you probably have some kind of goal in mind. Let's use this as an example: you want to learn about Auth, because you need to integrate OAuth in an application.

Sure, you could just read a tutorial that does exactly accomplish your task, and you are "done". The tutorial will probably tell you, call this API endpoint, use this library, do this and that. But now you only know how to implement OAuth in your application, which may be fine, or enough for you.

But with tinkering I mean, that you don't just learn/read about the requirements for your task, but go a bit 'beyond'. For example, you set up an Identity Provider (e.g. Authentik, Zitadel, Keycloak, ...) which is 'out of scope' for your task, but now you are on the other side of the API endpoint, you can play around with the settings, see what might change with the OAuth integration in your application. Treat it like a sandbox, it's not production, you can 'build' anything you like, you now have power over both sides of the application, stuff you would never be able to do, as you are only tasked to integrate that API endpoint in your application, but would never be tasked, to deploy that API, as this is 'not your job'. You'll maybe spot one or two things, which are good to know for your integration, which you would've never seen in a Tutorial. You'll already pick up some terms that will later pop up while debugging your integration.

Your goal may be something completely different from my example, but what I'm trying to say is. If you want to learn something, because you need/want to do $X don't only learn to do $X but also take a peek at what happens end-to-end, be curious, and maybe question why someone in a tutorial says do $A and doesn't even mention $B. You'll never know that $B exists, even if it may be the better solution to do $X in your case.

Just because you want to get a project you’re working on done doesnt mean that a tutorial that gets things working will be the end all be all of your learning of auth. You can always come back after getting the project done and working to play with auth in ways beyond the tutorial taught.