It really depends on the architecture of your application. If you own the service being logged in to, then you can choose either way. The registration code is arguably easier to manage, since it gets typed into a web browser on a phone or computer which has a full keyboard. Alternatively, typing in emails and passwords on the Roku UI is time consuming but will work.

In some cases, the authentication architecture will drive your choice. For instance, the Picta channels we created talk to Dropbox and OneDrive, both of which don't allow you to collect and send a user's login name and password.

From a user's perspective, I'd be very hesitant to use a Roku Channel that required me to enter a username and password on my Roku. There's no easy way for me to determine whether that information is being passed over an encrypted "https" connection. At least when I enter that information on a web browser, I have some degree of assurance that my credentials are sent over a secure connection.