I would highly recommend using a simple redirect to /authorize and putting your custom UI in your Auth0 configuration. This is conforms to OIDC standards, and in the long run ends up a much better experience for customers and developers as your application ecosystem grows and you add more and more applications. You get a better SSO experience, and still have all of the control over the look and feel of the UI.
If you cannot use the above method then there are two ways that you can do an embedded form.
The first is to use cross-origin authentication.
Auth0.js can help with this. NOTE: that this flow only works in all environments if you are using custom domains.
The second would be to have your backend service call Auth0 using the Resource Owner Password Grant flow. This second method is not generally recommended except in cases where you really cannot use either a redirect flow to authorize, or the cross-origin-authentication. Since you must use a client secret, you will want to make this call from your backend only, not from the client side of your application. NOTE: this method requires a great deal of trust between your frontend, backend and the authorization service. It is rarely recommended to use this path and should only be used as a last resort.