It seems in your scenario you just need to know for every user in Auth0 (no matter how they authenticated) what’s the associated payment/subscription information. In this case having a custom OAuth connection for Stripe does not seem applicable as, in general, that would be useful only if you were interested in letting end-users authenticate to your client applications using a Stripe identity (much in the same way they could use a Google identity if you enabled the Google social connection).
As you mentioned, you should not store sensitive payment information as part of the Auth0 user profile. However, it should be fine to store an internal subscription identifier or something similar that would allow you to associate the Auth0 user identity to your notion of payment information. Again, as you said, you can achieve this by storing the identifier as part of the user app_metadata. The exact method through which to create the Stripe customer would be up to you; it could be done from your own back-end after user authentication and selection of a plan/subscription, and then you would just update the Auth0 user metadata through the Management API, or you could consider creating the Stripe customer from a rule that would have conditional logic to only create this information at first login.
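A sketch of the rule variant described in the answer above, added here as an example and not part of the original answer or of Auth0's or Stripe's own code. It is shaped like a rule (`user`, `context`, `callback`), and the names `makeStripeLinkRule`, `deps.createCustomer`, `deps.updateAppMetadata` and the `stripe_customer_id` key are assumptions; the two `deps` functions stand in for the Stripe customer-creation call and the Management API metadata update so the block runs offline.

```javascript
// Added example. Hypothetical names: makeStripeLinkRule, deps.createCustomer,
// deps.updateAppMetadata and the app_metadata key stripe_customer_id.
function makeStripeLinkRule(deps) {
  return function stripeLinkRule(user, context, callback) {
    user.app_metadata = user.app_metadata || {};
    // Idempotent: a user that already carries an identifier is left alone, so
    // the customer is created only on the first login that reaches this rule.
    if (user.app_metadata.stripe_customer_id) return callback(null, user, context);

    // Send only what is needed to correlate the two records.
    const params = { email: user.email, metadata: { auth0_user_id: user.user_id } };
    deps.createCustomer(params, function (err, customer) {
      if (err) return callback(err);
      // Persist the opaque identifier only, never the returned customer object,
      // which may carry billing details. Assumes ids of the form cus_<alnum>.
      const id = customer && customer.id;
      if (typeof id !== 'string' || !/^cus_[A-Za-z0-9]+$/.test(id)) {
        return callback(new Error('unexpected customer id from payment back-end'));
      }
      const metadata = Object.assign({}, user.app_metadata, { stripe_customer_id: id });
      deps.updateAppMetadata(user.user_id, metadata, function (err2) {
        if (err2) return callback(err2);
        user.app_metadata = metadata;
        callback(null, user, context);
      });
    });
  };
}

// Constructed in-memory stand-ins and a constructed user, for illustration only.
function demo() {
  const calls = { create: 0, saved: null };
  const rule = makeStripeLinkRule({
    createCustomer: (params, cb) => {
      calls.create += 1;
      cb(null, { id: 'cus_TEST123', email: params.email, sources: ['card data'] });
    },
    updateAppMetadata: (userId, metadata, cb) => { calls.saved = metadata; cb(null); },
  });
  const user = { user_id: 'auth0|constructed-1', email: 'user@example.com' };
  rule(user, {}, () => {}); // first login: creates the customer and links it
  rule(user, {}, () => {}); // later login: identifier present, nothing created
  return { calls, user };
}
```

Keying the condition on the stored identifier rather than on a login counter keeps the rule safe to re-run if the first attempt fails partway.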