Java

How to properly implement authorization in Spring Rest for mobile and web applications?

Guys please help me.

I'm trying to build a Rest api in Java, where the clients will be
Mobile applications (Android, IOS)
AND a web application.

And so, you need to make authorization:
native and using social networks (Google, Facebook, Vk
and possibly Apple ID).

The problem is the following, I do not quite know how to properly implement Rest authorization with mobile and web applications.
I have already re-read almost everything, but nothing has cleared up
(Or maybe I just got more confused.
Initially I thought just jwt instead of sessions and that's it.)

What I learned
1. Use single sign-on (SSO) technology
2. To implement authorization for mobile and web applications, you need to use Oauth2. Hence , Authorization Server , Resource Server and Client.

3. Instead of sessions, jwt tokens

Tools chose the following:
Spring Security + Spring Authorization Server + hibernate + MySQL

But when I started collecting I ran into a problem, since mobile applications are a public client,
i.e. use Authorization Code + PKCE, but there are no examples of implementations .

I read that there is such a Keycloak.
But I'm not sure if it suits me.
Somewhere in the comments I read that it is not quite suitable for saving users to your database.

Tell me please ,
how to properly implement authorization in rest for mobile and web applications.
And in general, am I on the right track?

And what would be more suitable for my project: Keycloak? Ory Hydra?

I'm new to rest and haven't worked before, but I've only recently learned about Oauth.

I will be grateful)