It's also worth noting that we strongly recommend using the Authorization Code grant and redirecting to FusionAuth's hosted login pages, rather than using the Login API.
This has the following benefits:
you don't have to worry about any other architectural components handling credentials, which are highly valuable to an attacker this solution works across almost all mobile and web applications, whether custom or COTS or OSS, as opposed to being limited to React SPAs you get FusionAuth's app to app single sign-on when there is a new workflow added, implementing it is a matter of configuring FusionAuth correctly rather than modifying your code to add a new component; an example would be adding a social provider or magic linksWe understand that this sometimes comes at a cost of UX complexity as you need to sync or at least align your UX between two different systems. This is why we offer the Login API as @Alex-Patterson mentioned; it's an escape hatch if redirecting just won't work.
We also have themes to support customizing the FusionAuth hosted login pages, including this example which uses Tailwind.