Authentication Flow

Kotha Auth implements the standard OAuth 2.0 Authorization Code flow with PKCE (Proof Key for Code Exchange).

Step 1: Authorization

Redirect the user to the Kotha Auth authorize endpoint with your `client_id` and a `code_challenge`.

GET /oauth2/authorize?response_type=code&client_id=YOUR_ID...

Step 2: Token Exchange

After the user logs in, Kotha Auth redirects them back to your `redirect_uri` with an authorization `code`. Exchange it for an access token by sending the `code_verifier` that matches the `code_challenge` from Step 1; the server verifies the pair before issuing the token.

POST /oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=THE_CODE...