Auth0 as Identity Provider with Amazon Cognito

I went through the docs you mentioned, and from my understanding Lock would just be one way to do it. The tokens required for the flow in question can be acquired in a variety of ways, with or without Lock; you may want to check the quickstarts associated with the technology stack you’re going to use in your client application.

In addition, for authentication flows that are redirect-based and go through the hosted login page (which does indeed use Lock by default), you can still customize the hosted page to your own requirements and possibly not even use Lock.

For non-redirect flows (like ROPC), your client application would get the tokens directly through the token endpoint, so the UI in play here would be only the one used by your client application.