Goal
The path to "はじめてのデジタルアイデンティティ"
Here is the reading path leading up to this book, derived from its dependencies and ordered from the fundamentals.
The path so far (3 books)
Why read this first: Authentication, sessions, and cookies all sit on top of HTTP. Grasping HTTP's behavior from first principles first lets you understand structurally where in the protocol the vulnerabilities in Tokumaru's book actually arise.
Why read this first: After grasping the overall picture of vulnerability defense, descend to the cryptographic foundation that much of it relies on. Understanding the logic of hashing, signatures, and public-key crypto lets you treat TLS and token verification as principles rather than magic.
Why read this first: With hashing and signatures as your cryptographic foundation, see how they play out across a real identity lifecycle. This book traces registration through login, recovery, and account closure as one continuous flow, moving from single-service authentication/authorization to identity-provider federation.
Sources