This is a somewhat complex case because although technically you can use the same languages and tech stacks in both web and mobile from the perspective of authentication the two platforms have different recommendations/considerations.
From a personal perspective I think would have the logic to perform the login in code specific to each platform and abstract the outcome to the rest of the application code so that business code can be shared. As in, abstract operations like login and obtaining refreshed tokens so that those operations can be performed in accordance to the current platform (and SDK) while the rest of the application just call into these operations without worrying about their different implementation.