Hey there!
I’m not a PHP pro but will try to help. Basically all of our SDKs including the PHP one are the main layer to easily interact with our Authentication and Management APIs so that you don’t have to craft each request yourself. So this way you won’t be able to achieve directly what you want. If you don’t want to use Lock you can go for doing it through the API.
Here’s the doc on how to achieve this: