Programming Phoenix LiveView B10.0: Confused about Protecting Sensitive Routes (pages 52 - 60)

On page 52, the topic of “Protecting Sensitive Routes” is introduced with this snippet from router.ex:

scope "/", PentoWeb do
  pipe_through [:browser, :require_authenticated_user]

  live_session :require_authenticated_user,
    on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do 
     live "/users/settings", UserSettingsLive, :edit
     live "/users/settings/confirm_email/:token",
       UserSettingsLive, :confirm_email 
     live "/guess", WrongLive
   end
end

Then on page 60, the following snippet is shown for router.ex:

scope "/", PentoWeb do
  pipe_through [:browser, :require_authenticated_user]

  live_session :require_authenticated_user,
    # Specify the shared on_mount callback here
    on_mount: [{PentoWeb.UserAuth, :ensure_authenticated}] do
      live "/users/settings", UserSettingsLive, :edit
      live "/users/settings/confirm_email/:token",
        UserSettingsLive, :confirm_email 
      live "/guess", WrongLive
  end 
end

The only difference I can see is the addition of the # Specify the shared on_mount callback here comment.

So what I am confused by is what has changed that enables us to remove the user = Accounts.get_user_by_session_token(session["user_token"]), session_id: session["live_socket_id"], and current_user: user lines from wrong_live.ex per this guidance on page 60: “With this in place, we can remove the auth code from the WrongLive’s own mount function.”

I have re-read this section several times, but I am still not understanding what that comment (# Specify the shared on_mount callback here) means, since those two router.ex code snippets are otherwise identical.