I just posted a related question to your first one.
The documentation says that we need to use a custom param that is passed via the /authorize endpoint URL so that we can identify if the user should see the login or sign-up experience. Passing data to the hosted login page: With Solution!
However, it appears that the /authorize endpoint now strips away ALL custom params, even the ones that are supposedly whitelisted (such as display and login_hint which I used in my example).
I’m posting here, because these questions are related and because what I’ve found in the documentation isn’t working out as it’s supposed to.