The password should not be sent in the JSON body. Usually, username and password get base64-encoded and send in the 'Authorization' request header.
In principle, there is nothing wrong with Basic Authentication and form inputs.
You may want to follow this tutorial: https://jasonwatmore.com/post/2022/12/27/angular-14-basic-authentication-tutorial-with-example