For a specific customer requirement, we use Custom UI for user login, instead of universal login provided by Auth0. The idea is to:
have a custom login widget (email, password) on the home page and call Auth0 Login API (for dbconnection) using AJAX.
on successful login, get the token (JWT?) from Auth0 and pass it to the backend, which will then use this to get userprofile.
So, as part of this,I was looking for the specific login API (using email & password) under: https://auth0.com/docs/api/authentication but could not find the one to suit this need. Can you please help with the exact Auth0 API endpoint to use and the steps to invoke it.
NOTE: I was able to figure out the signup/register-user API (get access_token using client_credentials grant and then invoke https://MY-DOMAIN/dbconnections/signup with the access_token) from the documentation and it works fine, but not the sign-in/login one.
The recommendation would always be to go with the universal login; have in mind that in the classic universal login experience you can control the full user interface of that page so if the requirement is due to branding reasons this could be achieved even with universal login.
Having said that, if you already reached the conclusion that you will use embedded login then for a browser-based application (login is performed in client-side logic) you should consider using cross origin authentication (https://auth0.com/docs/cross-origin-authentication). This allows for the user interface to be on the client application itself and still complete a login: given cross origin authentication is meant to be performed using an SDK there’s no documentation of the endpoints at the API level.
Do check the limitations of cross-origin authentication for certain scenarios, in particular, for most use cases you will require to have a custom domain aligned with the domain of the client application using it.