As specified in this community post, you must create two different /authorize links for your users. One sends them to an email/password connection, and the other to a passwordless connection if you want to support both sign-in methods:
If you have any other questions, feel free to reach out.