We are also having this issue using Auth0.js v9 (9.4.2 in particular) on the hosted login page. Up to 10% of logins fail with with the error “Password login via OIDC-conformant clients with externally-hosted login pages is unsupported. Alternatively, login could have been initiated from the wrong place (e.g., a bookmark).”.
This has been happening since the very day we moved over to Auth0 and so it’s impossible for users to have bookmarked the log in page. I am unable to reproduce the error, but multiple people in the team have had it occur during a normal flow (being redirected to /authorize which then redirects to /login). The user is logged in even though the error occurs, silent authenticating the user after the error succeeds.
It seems that sometimes the hosted login page is believed to be an external login page causing the error, since turning off OIDC Conformance fixes the issue. We are also using a custom domain if that makes any difference.