So after a quick discussion there are actually two ways to do it:
1. Auth0.swift and Auth0.android, which redirect to the hosted login page through an external browser if you use the .authorize() method
2. Lock.swift, Lock.android and the .login() method from Auth0.android and Auth0.swift that try to login without the browser redirection
The first one is the recommended way. The first one is more secure as for example keyloggers cannot be used.
Example
Here are the pros and cons for each:
There is a Mobile Apps & Security section that’s helpful in your specific case