How does Realm authentication actually work?

If I use a Realm SDK to authenticate a user with Google or Apple or a custom JWT… what actually happens behind the scenes?

Does Realm App Services simply use the ID token we provide on the client side to issue its own access/refresh tokens back to the client? If that is the case, how do we control the expiry or blacklisting of those tokens?

1 Like