Embedded login allows your users to log directly into your application and transit their credentials to the Auth0 server. There are security concerns with this approach, particularly if you do not use the Auth0 Custom Domains feature because that scenario can potentially expose your application to cross-origin authentication issues. To learn more, read Cross-Origin Authentication.
If you must implement embedded login, you should set up a custom domain to mitigate those security vulnerabilities. You can then use one of our libraries (such as the Lock Widget or auth0.js SDK) to implement login in your application or do use our API.