What you mention as concepts and skills are - in your example - equivalent.
Authentication and Authorization are concepts, but so are databases and REST APIs. Designing a secure role-based auth system is a skill. Similarly, designing a REST API which confers with the JSON:API standard is a skill. You get the point.
With that said, I would highly recommend you to take a project and then apply these concepts (on the top of my head):