External authentication without OAuth

I am trying to build a meteor app for use in a hospital. All of the users will be authenticated through an external system via a REST service on the server. I don’t want users to be able to register as new users or to be able to change their password or anything.

What is the best way to do this? I don’t want to write an OAuth server.