We did not use AppAuth client against OTK directly,
however, MAG Android has integrated the Social Login module with AppAuth. Instead of providing the AppAuth configuration on the client side, the social login provider information is stored on the server, and MAG proxy all the calls to the social login provider (MAG can be one of the Social Login Provider).
For the flow detail please refer to https://cawiki.ca.com/display/APIMMobile/MAS+Social+Login
To answer your question, we never try it, but the OTK aligns with the rfc spec, and it should work.
For more MAG information you can go to CA Developers, CA Mobile App Services - CA Technologies , which is the SDK designed for CA MAG and OTK.
Hope this help.
Andy Witrisna