Realm Web authentication on a server

I’m looking for a way to handle authentication on a websocket/express server with realm-web. What I’m thinking is using JWT authentication in a piece of middleware, but not sure if that is the best way to handle it. I could use stateless auth and create an app instance for each request, but that seems a bit heavy.
I’m not very experienced with handling user authentication on a server like this, so any guidance is very much appreciated.

Here’s my tentative code:

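import type { RequestHandler } from "express";
import * as Realm from "realm-web";

const auth: RequestHandler = async function(req, res, next) {
	// Raw Authorization header value, handed to Realm as the JWT
	const authorization = req.headers.authorization;

	if (!authorization) {
		return res.status(401).json({ message: "No authorization header" });
	}

	const app = new Realm.App({ id: process.env.REALM_APP_ID as string });
	const credentials = Realm.Credentials.jwt(authorization);

	try {
		// Realm validates the JWT; a failed login is answered with 401
		const user = await app.logIn(credentials);
		req.user = user;
	} catch (err: any) {
		return res.status(401).json({ message: err.message });
	}

	// Authenticated: hand the request to the next handler
	next();
};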


Or is there possibly a more low-level setup where I can just verify the JWTs (user accessToken and refreshToken) on the server without even using the SDK?