So lets say I create a new app (without client secret) in the same pool to be used specifically for the web app. Would my mobile users who are currently part of App A in the pool, be able to log into Cognito via App B (the one I would configure for web)?
What is the recommended approach here to allow mobile users to still be able to log into cognito via web?
Yes, you can create a new app client on your User Pool for use with your web interface. User accounts are associated with the User Pool, and not associated with the client apps they use. A user account can authenticate against a User Pool using any properly configured app client. The User Pool App Settings documentation notes that you’d typically create a different app client for each platform, so making a different client for your web interface is perfectly normal.