Is there a way to use the EmailPassword SDK to validate credentials, Is it a case of overriding sign-in POST so that it doesn't create a session in the backend? Would be for use cases where the user is confirming a password to action something in the system, but already has an active session