Need help with 3rd party auth on Real app

Hi folks

I need some help with setting up auth in my Realm app. I have gne through the available docs but they do not have what i am looking for.

I am using Cloudflare Workers for serving the web app (its a simple forum like web app) - with Realm + Atlas for the database and Auth.

My app needs to have Google & Apple as the signin methods.

Based on all that i have read, this is my current understanding of doing auth;

  1. Add a login button which calls the logIn(credentials) function from the clientside html/js
  2. Add a redirect URL with GET method, which should also execute Realm.handleAuthRedirect(); function
  3. This creates the user object in clientside js which contains all the user details.
  4. I should now save the _stitch_ua (or _baas_ua ??) values to a http_only cookie.
  5. For any protected resource, in the backend (cloudflare workers) I should get teh token from the cookie and use
            var user = await App.logIn(Realm.Credentials.apiKey(token););
            var client = user.mongoClient('mongodb-atlas');

to fetch the data.
6. To logout, I should call .currentUser.logOut(); on the clientside html/js.

Is this overall flow correct?
Can I redirect users on the same page instead of opening a new window?
How do I refresh tokens?

I am not able to edit my post, so adding one more thought here -
it would be great if a sample app using cloudflare workers were there, which shows how authenticaion can be done for the normal web apps with html/js client code. The sample app
cloudflare-worker-rest-api-atlas/index.ts at main · mongodb-developer/cloudflare-worker-rest-api-atlas · GitHub
shows the api driven auth only, which is really not adequate for most use cases.