Yes: If you have a mobile backend web server for your native app, you can use one of the typical OAuth flows for web applications: the client-side (implicit) flow or the flow for server-side web apps. The same considerations apply: Do you need long-lived “offline” access from your mobile app’s backend server? Use the server-side web app flow. Or do you need short-lived one-time access directly from the native app? Use the client-side implicit flow.

When using the server-side web app flow and passing an authorization code to your server, the user of the app will still need to be authenticated to the app backend, similar to how a user is authenticated to web application servers using session cookies.

No: If your application does not have a mobile backend web server powering it, you need to use some type of native application flow. This can be very similar to the server-side web app flow or the client-side implicit flow, but there are two restrictions: you don’t have a web server to use for the redirect_uri, and you should maintain the confidentiality of any client_secret values, which are sometimes required for the server-side flow.

Depending on the mobile platform you’re ...