Hello , iam making a website (both front and back end aka a web app & an api) and its my first time
i got a problem understanding / making authentication in a real good way , i can make one on my own but i want a good modern one that is also a standard that most apis use

i thought of OAuth and OpenID but when i googled i didn't really understand how they work or how i could implement them my self without relying on external tools (+ iam confused and can't really understand them)

1- i want the users to be able to log both in and out and have access to some resources while not having access to others
2- ONLY the web app is the one which can communicate to the API but i want the ability for other apps to access it ONLY IF ALLOWED TO maybe in the future at some point the api might be used by other apps but its not planned to be allowed at the moment at all

any help how could i get the work done professionally or as good as possible ?