Hi @acr,
Welcome to Auth0 Community!
Yes, what you are describing would be an embedded login page, and we generally do not recommend this approach for the security implications outlined here: Centralized Universal Login vs. Embedded Login
If you do decide to use Embedded Login, you must configure your application for Cross-Origin Resource Sharing and should configure a custom domain. You can then implement the Lock SDK or Auth0.js SDK within your application, or call the Auth0 Authentication API directly.
I believe that the best resource we have for an example would be the ready-to-go sample app for Auth0.js that can be used to demonstrate an embedded login.
Hope this helps!
Thanks,
Dave