What you mention as concepts and skills are - in your example - equivalent.
Authentication and Authorization are concepts, but so are databases and REST APIs. Designing a secure role-based auth system is a skill. Similarly, designing a REST API which confers with the JSON:API standard is a skill. You get the point.
With that said, I would highly recommend you to take a project and then apply these concepts (on the top of my head):
- Role-based or tier-based authentication and authorization;
- Data structures based on volatility vs. immutability;
- Server-Side and client-side caching;
- Message Queues and their more-applied form: delayed response mechanisms;
- Payment systems (this is a tough one)
I would learn how to develop an API, you can't say its just a skill, you need to learn all the bits around it, like making sure an endpoint is private, making sure it's secure, making sure it doesn't bottleneck your app and crash your server etc. With this you can also add authentication, be it via social etc. File uploading on an API? CRUD? etc