We are looking into using Amazon Cognito as the OpenID Connect provider and using a custom Identity Provider which will be Auth0. I found the following information:
But one piece of this article is perplexing:
> You can use Auth0 Lock to log the user in. You can read detailed instructions on how to implement Lock in the libraries documentation.
Does this mean I have to use Lock as the login form in this flow or can I provide my custom login form? I tried to find the setting where I can set my custom form on Auth0 but I can’t find it.
I went through the docs you mentioned and from my understanding Lock would just be one way to do it. The tokens required for the flow in question can be acquired in a variety of ways, with or without Lock; you may want to check quickstarts associated with the technology stack you’re going to use in your client application.
In addition, for authentication flows that are redirect-based and go through the hosted login page (which does indeed use Lock by default), you can still customize the hosted page to your own requirements and possibly not even use Lock.
For non-redirect flows (like ROPC), your client application would get the tokens directly through the token endpoint, so the UI in play here would be only the one used by your client application.
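
The non-redirect case described in the answer above, as an added example that is not part of the original posts or of Auth0's or Amazon's own code: a custom form's credentials go to the token endpoint as a password-grant request, and the returned ID token is sanity-checked before being handed to Cognito. Assumptions: the tenant domain and client ID are placeholders, the application is a public client with the password grant enabled, the issuer is `https://<domain>/`, and the Cognito `Logins` map is keyed by the provider domain; the sample token is constructed and unsigned, and the claim checks do not replace signature verification.

```python
import base64
import json
import time
from urllib.parse import urlencode


def build_ropc_request(domain, client_id, username, password):
    """Build the password-grant POST that a custom login form would send."""
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,
        "scope": "openid",  # request an ID token
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return f"https://{domain}/oauth/token", headers, body


def id_token_claims(id_token):
    """Decode the JWT payload WITHOUT verifying the signature (sanity checks only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def cognito_logins(domain, client_id, id_token, now=None):
    """Check iss/aud/exp, then return the Logins map (assumed keyed by domain)."""
    claims = id_token_claims(id_token)
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != f"https://{domain}/":
        raise ValueError("unexpected issuer")
    if client_id not in audiences:
        raise ValueError("token was issued to a different client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return {domain: id_token}


def make_sample_token(claims):
    """Constructed, unsigned sample token for the demo (not a real Auth0 token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"
```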