Authentication is handled by the Gravity Server authentication process.
When a user opens your app for the first time, they will be asked to sign in (or create a free account). If the user is successfully authenticated on the server, the sign in form executes a callback to the signin method contained in the AppContext and passes the user object.
The sign in process then executes three tasks:
Stores the user object (token, permission, name) in local storage
Sets the Bearer token for all API calls
Prompts the user to allow push notifications (if they haven't already)
Redirects the user to the dashboard
The next time the app is loaded, the authorizeUser method of AppContext will check local storage for the user object, if it doesn't exist, the user is directed to sign in.
User permissions for the client app are stored in /app/config.json under permissions.