How can we prevent user from signing up with username and password?

we want our users to only login with account kit and don't want someone try to sign up with email address or other login methods.

we don't provide this as our auth but someone can create a custom login code and try to manipulate our parse server to bypass the auth method.

oauth: {
        accountkit: {
            appIds: '',
            appSecret: ''
        },
        **email: false**
     },

is there any option to disable legacy signup method? (email: false)?

you can use parse cloud code to limit regular sign ups.

Here is an example of how you can do this:

(Please note that if you are using parse-server prior to v-3.0.0 which use js sdk less than 2.0), you can't use es6 promise. You should use callback instead. code for parse-server 3.0.0 and above

Parse.Cloud.beforeSave(Parse.User, req=>{

    if (!req.original && !req.master){
    // if it's the first time - object creation - and it's not a master user

        if (req.object.get('username') || req.object.get('email')){
            throw 'Sign Up disabled.'
        }
    }
});