Using Realm as an authentication service and a separate backend that then allows the user to connect to separate external APIs, I need to be able to verify that the user is an authenticated user and that their data (only email in this case) match those of the third party external API.

The request to the third party API runs via admin API channels so it's critical to ensure the user is only able to manipulate their own data (orders, subscriptions etc).

As far as I've been told there is no way to verify a user that logged into my frontend if the request has to go via my backend API.

Firebase Admin SDK provides exactly this method here: https://firebase.google.com/docs/auth/admin/verify-id-tokens

To fit into a modern jamstack where multiple external services are tied together, Realm needs something similar.