How can I secure my Custom Function Auth Provider that it will only accept requests only from my Web App with Realm Web SDK?
I have a Custom Function Auth Provider and using Realm Web SDK it can login my users using
const app = new Realm.App({ id: process.env.REALM_APP_ID as string });
app.logIn(Realm.App.Credentials.function({ username, password }))
On my browser I can see on Inspect > Network, I can see it is a POST HTTP Request with URL https://<myAwsRegion>.realm.mongodb.com/api/client/v2.0/app/<MyAppId>/auth/providers/custom-function/login
I can easily use Postman Tool to call this Post Request and get my
{
"access_token": "",
"refresh_token": "",
"user_id": "",
"device_id": ""
}