You’re correct in that the access token won’t be available until the login flow (and action(s)) is complete, but you will have access to the token in the user’s identities array. I don’t see why you couldn’t use the access token available on the user to get those details and add them to metadata outside the scope of an action.
In terms of then getting that on login once set, you’d probably want to add metadata as a custom claim: