We decided to go with this approach to save complex user flow
- When a Google Auth user signs up
- Use management API to create an email-password account with the same email address
- Use a randomly generated password to prevent security risk
- Set “email_verified”: true (because this email is Google-authenticated already)
- Now link this Google user account with this newly generated email-password user together by the management API