Migrating Custom JWT and reconnecting same user to Realm Atlas

Hey there,

We’re using Realm Atlas App Services to log-in our users entirely from the client side (iOS & Android). Today the path is like this:

Sign in with Google → Pass Google ID token to Firebase → Pass Firebase ID Token to Realm → user is authenticated

I’m trying to understand how (and if its possible) to later on migrate to a different authentication provider (not Firebase) and still have the same user connected to the same Realm resources.

i.e.

Sign in with Google → Pass Google ID to X → Pass X’s ID Token to Realm → user is authenticated.
(X being a different provider like Auth0, or even a custom backend.)

I saw this post:

Which says:

[…] send the same user id in the token payload, so that Realm will still recognise the same user (in other words, the sub claim shouldn’t change after the reset). If a different sub claim is sent, a new user will be created.

Which mentions that if the User ID / Sub are the same, it should reconnect the user, but I’m still not entirely sure how it works.

Looking at the diagram here:

It seems like getting a different JWT token, even with the same sub, will not necessarily work because Firebase has their own private key which signs them. But I might be confusing things?

Could you assist in understanding if there is a “migration path” to re-link Realm users to different providers?

Thanks, much appreciated !
Shai