Am I correct to assume that you don’t want users to login with Social Login (for which signup and login is actually the same, no difference), unless they already have an existing username+password account in Auth0? If this is the case, you cannot avoid the signup, but can block the authentication via Rule (nevertheless a user profile get created in Auth0, he just can’t login).
Just curious: why do you do the signup with custom UI and API on your end, and not also via the Auth0 hosted widget? Any special requirements that force you to do it this way?