I want all third-party applications to be unable to sign up using my passwordless authentication flow. I support both sms and email. I want only my first-party application for the main platform be able to provide sign ups, since I have some custom flow where I require users to be created with both email and sms. I want third parties to be able to only login using email or phone number.