I would have just added a comment to this answer, but I don't have a high enough reputation.
I'm confused by this comment in the accepted answer:
OIDC is REST based - no needs for a browser.
I'm assuming (possibly incorrectly) we're talking about the Authorization Code grant-type. How does the mobile app acquire the Authorization Code if not as the result of the user entering their username and password into the HTML form provided by the OP (OpenID Provider). If the user was previously authenticated, the OP would know that by retrieving the SSO session cookie stored in the browser's cookie cache. So, it seems to me that all the interactions with the OP can not be completed without the use of a browser.
The IETF (Internet Engineering Task Force) RFC 8252 proposal describes this step as follows:
Apps can initiate an authorization request in the browser, without the user leaving the app, through the "SFSafariViewController" class or its successor "SFAuthenticationSession", which implement the in-app browser tab pattern.
Apologies for confusion.
The OIDC REST call is to the authorise endpoint. The IDP that owns the endpoint will display a login screen normally via a browser.
So yes you need a browser but what I was trying to say was that the OIDC protocol is just REST calls.