Seamless SSO for an Iris App that leverages Domino data via Domino REST APIs

Did anybody find a solution for authenticating a mobile app in a typical way (log on after app installation, stay logged on until you log off, use FaceID to secure access)? We would like to build an Iris app that leverages Domino data over the Domino REST APIs using that authentication mechanism.

The presented way of using the Keep IDP in the Foundry app does not fulfill these requirements; it permanently asks for OAuth approval on accessing data again and again...

In our case, we would like to use Azure AD SSO as the SSO service for the app for employees as well as for guest users of our tenant. Did anybody already succeed in that?