OAuth 2.0 protocol in native Apps, e.g. Instagram

I am currently building an API for my native App and want to implement the OAuth 2.0 protocol for authentication. If I take a look at companies like Instagram, Facebook or Twitter I wonder how they are handling the authentication process of their own native App (not third-party).

So Instagram for example is using the OAuth 2.0 protocol to protect their API endpoints (here). Related to their developer platform they offer you - as a third-party developer - the possibility to use their API and authenticate your own App via Server-side (Explicit) or Implicit flow. All of these flows require the user to authenticate via an In-App browser (or system browser).

Like I said before, I am wondering how these Apps are handling the authentication in their own Apps. The user doesn't get redirected to any browser to authenticate. They could use the Explicit flow and store the client_id and client_secret for example in Keychain (iOS). But Instagram is telling third-party developers "You should never pass or store your client_id secret onto a client. For these situations there is the Implicit Authentication Flow.".

I don't want the user to get redirected in my own App. The user should be able to use a login/signup form within the native App.

Does anyone have an idea or insides on how Instagram etc. are doing it? I am really curious and appreciate any helpful answer. :)