If i'm using the EmailPassword recipe, is there a way to pass in a custom key to sign the access token that gets generated? Or is it always controlled by supertokens