Awesome, we started the custom auth journey a while ago, but this thread still holds true for anyone looking for more info. The code snippets on the first post cover how to handle exchange of the authorisation code.