Your best option for letting the user enter credentials is roKeyboardScreen. http://sdkdocs.roku.com/display/sdkdoc/roKeyboardScreen

It should also be noted that making a user type out their full username and password can be pretty cumbersome. You might want to consider the pairing method instead where a user is given a unique pair code by your API, and then while the user is already logged in on their account at the website, they enter that pair code and the association is made that way instead of having to type with the Roku remote

As well as being cumbersome, it could present a huge security problem if your users are typing their credentials on a Roku screen, which gets sent to some server. Unlike with a web browser where you have some degree of assurance that a web page is sending data (encrypted) using "https", a Roku user has no assurance that anything typed on a Roku screen is not being sent over the internet in plain text over an unencrypted connection for the whole world to see. I for one would not trust any Roku channel that required me to enter my login credentials on a Roku screen.

Roku recommends what it calls "rendezvous style registration" and use of an roCodeRegistrationScreen to have the user authenticate themselves on their computer then enter a registration code on their Roku. Some web sites (Google/Youtube, etc.) use OAuth2 authentication which, if it's already implemented on the server side, is very easy to implement in a Roku client. I'm not even sure whether Roku would approve public channels that send unencrypted plain text login credentials, due to the security risks imposed.

Here are some links:

Developer Guide - Registration
Design Guidelines - Linking Screen
Component Reference - roCodeRegistrationScreen
Roku SDK Examples (see register.zip)