Do Auth0 has a policy for using custom scripts in the hosted login page from customer’s CDNs? For example I want to use self hosted modified version of Lock.js from my own CDN.
Yes, you are allowed to host custom JS libraries in your CDN including the modified version of Lock.js and reference it in the hosted login page.
However note that, we provide support for Lock.js if the problem is reproducible in the officially supported version. Otherwise issues introduced during the customisation in your side needs to be handled by your team.
Also any outage in your CDN causing login system not work should also be resolved by your team and it is not covered by our SLA.