The mobile app really shouldn’t be calling FusionAuth APIs. You should be using your backend to call FusionAuth. Usually, this is a proxy style setup, as outlined in this post about OAuth and React. This will work for both OAuth and regular API calls.

If you really want the mobile app to call the OAuth flow directly, make sure you follow the best practices from RFC 8252 (use the browser, not an embedded webview). Here's a React Native tutorial that you can adapt.