Azure AD and token-based API access
Sign-in runs through Expo AuthSession with Azure Active Directory. On success, the app stores the access token and attaches it to every REST request for patient and insight data.
Unauthorized accounts never leave the sign-in flow; authorized users only see patients returned by the API for their credentials.

Auth token flow and downstream API requests




