The recommended approach for OIDC conformant clients is to use the Auth0 hosted login page to handle sign up/login for your applications. This allows you to start an authentication session in Auth0, allowing for Single Sign On between your applications.
If you don’t want to use the Auth0 hosted login page, you can still use the Resource Owner Password endpoint, which can make use of username/password login. This would require you to use a custom login screen (not Lock), or Auth0.js. See: Auth0.js v9 Reference