You can use a custom auth system and crate a session between your app and a server then have them login through web browser or in app browser.
Or if you don’t have a sever for persistent auth, then use an in app browser session or something and use implicit auth and grab the access token from the return url. You can just use local host and let the redirect fail and grab the access token and close the browser programmatically.