Interesting article, but I must agree that it is not a topic where you want to write much of your own code, etc.
The hard thing is to find a good stack so you don't have to do much yourself. It is nice to argue that stateless JWTs are the correct path, but the implementation from 0 to a functional solution is a PITA.
But what to use? There is the well-known paid Auth0, but what else is out there?
For me the solution for the next project seems to be Red Hat Keycloak. My use case includes creating my own users who would be able to link to various external OAuth providers so I can then run scheduled tasks on their behalf.
This level of enterprise-grade software can run in a cloud setup and manage sessions for you, and can really log out by invalidating the session for a given token, etc.
Sad that the documentation is not very good for newcomers, and there are not many easy-to-use libraries and tutorials where you don't need to know auth from A to Z.
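The point about "really logging out" is the crux of the stateless-JWT debate: a signature-and-expiry check alone has nothing to consult when a user signs out, so the token stays valid until `exp`. The following is an added example (not code from the commenter, the article, or Keycloak) showing a minimal HS256 JWT verifier next to the same verifier backed by a server-side revocation store keyed on `jti`. The secret, timestamps and token ids are constructed for the demo; the function and class names are this example's own.

```python
"""Stateless JWT verification beside a server-side revocation (logout) check.

Standard-library-only HS256 implementation; the secret, names and timestamps
are constructed for this example and are not taken from any real system.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key; a real deployment loads this from a secret store.
SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub: str, jti: str, ttl: int = 3600, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT carrying a unique token id (jti) and an expiry (exp)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "jti": jti, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_stateless(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Check signature and expiry only: nothing outside the token is consulted."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        payload = json.loads(_b64url_decode(p_b64))
        sig = _b64url_decode(s_b64)
    except ValueError:  # bad base64, bad JSON, wrong number of segments
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    if header.get("alg") != "HS256":  # never let the token pick the algorithm
        return None
    expected = hmac.new(SECRET, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        return None
    return payload


class RevocationStore:
    """Server-side set of revoked jti values: the state a purely stateless design lacks."""

    def __init__(self) -> None:
        self._revoked = {}  # jti -> exp, kept so entries can be purged

    def revoke(self, jti: str, exp: int) -> None:
        self._revoked[jti] = exp

    def purge(self, now: int) -> None:
        # Expired tokens fail verification on their own, so their entries can go.
        self._revoked = {j: e for j, e in self._revoked.items() if e > now}

    def is_revoked(self, jti: str, now: int) -> bool:
        self.purge(now)
        return jti in self._revoked


def verify_with_logout(token: str, store: RevocationStore, now: Optional[int] = None) -> Optional[dict]:
    """Stateless checks first, then the revocation lookup that makes logout real."""
    now = int(time.time()) if now is None else now
    payload = verify_stateless(token, now)
    if payload is None or store.is_revoked(str(payload.get("jti", "")), now):
        return None
    return payload


def logout(token: str, store: RevocationStore, now: Optional[int] = None) -> bool:
    """Revoke a still-valid token; returns False if the token did not verify."""
    now = int(time.time()) if now is None else now
    payload = verify_stateless(token, now)
    if payload is None:
        return False
    store.revoke(str(payload.get("jti", "")), payload["exp"])
    return True


if __name__ == "__main__":
    store = RevocationStore()
    t = issue_token("alice", "jti-0001", ttl=3600, now=1_700_000_000)
    logout(t, store, now=1_700_000_010)
    print("stateless still accepts:", verify_stateless(t, now=1_700_000_020) is not None)
    print("with revocation store:", verify_with_logout(t, store, now=1_700_000_020) is not None)
```

The revocation store is the "session" an identity provider such as Keycloak keeps for you; short `exp` values keep that store small, and the `purge` step drops entries the expiry check already covers. Both verifiers pin the algorithm to HS256 and compare signatures with `hmac.compare_digest`, which is the minimum a home-grown verifier needs before any logout logic matters.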