@konrad.sopala I don’t think he’s looking for the /authorize endpoint - which “returns a
302 redirect to the Auth0 Login Page that will show the Login Widget where the user can login with email and password.” - he wants his users to input a username/password on his own UI hosting on his server. I don’t like how auth0 uses misleading words to say ‘you can use your custom UI’ it makes people think they can build their own login form and just hit an auth0 endpoint to return an access token when in reality there’s no way to log in without going to the lock widget page <-- this has been my experience - if there is a way to use a custom login form and just hit an auth0 endpoint to get an access token back, then please enlighten me because I haven’t found a way to do it and I’ve been using auth0 for over a year now. The endpoint that lock hits to login is the following: POST /usernamepassword/login but that’s not documented anywhere as far as I know - all I see are the GET /authorize which redirects to lock
I do know a user can sign-up using the pure API endpoints, but sign-up from my experience (correct me if i’m wrong) doesnt return an access token .
@gaganm you can use a custom sign-up form and hit the endpoint here: https://auth0.com/docs/api/authentication#signup which will create an auth0 user account but to log in you still have to go through the lock widget - which is really annoying in my opinion but I do understand that it’s a security issue. The reason it’s annoying is because I’ve seen people avoid signing up / logging in when they get redirected to auth0 lock - so it’s not good for marketing/sales channels. The only way to use a login endpoint and host your own login form from within your app is to use embedded login with cross-origin verification: https://auth0.com/docs/cross-origin-authentication