Confused on which authentication flow to use

I’m currently developing an application that has the following requirements:

SPA + backend API
Needs custom login screen ( embedded login )

I also want to use refresh tokens so the UX experience is seamless. I’ve been looking at the different authentication flow and I think I need to use Authorization Code Flow with PKCE? but I’m not entirely sure.

Do you serve the SPA with your custom backend? Because then you can simplify your setup dramatically by using cookies, read more here.

And also, when we adopted auth0 in my company we started with embedded login - but after many discussions, we ended up doing universal login. Are you really sure you need embedded login?