Hi Rodrigo,
Yes, absolutely you can. In short, Users of your clients (mobile/desktop) would go through an action flow which authenticates them against your identity provider (served by your application) which, if successful, would provide the client they are using with a token. That issued token can be used as credentials for the webservice - it basically says "The user has allowed me to act on their behalf, and the Identity Provider gave me this token as proof - please assume I am them".
Much simplification going on there but you should get the point.
Regards
David