Let's say a mobile native app uses an external identity provider like Google+ to login and register its users. At the same time stores app and user specific information on Apigee's BaaS (a.k.a. usergrid). When the user registers in your App using the external Identity provider, you get an short-lived access_token and the user's identity (i.e. Email, name, userId, etc.), then the app needs to register a new user in apigee BaaS (Usergrid), however it seems like you need to set a password, otherwise the user's won't be able to login to BaaS/Usergrid and won't be able to update, save or get any user data via APIs. So, my confusion is how to securely register and login users to Baas/Usergrid and use an external Identity provider for login at the same time?
I did this using Apigee Edge and setting an MD5 hash key of the user name and a secret that I kept in my code. This made a unique password for each user, but one they didn't need to know.
On subsequent logins I generated an access token in Edge and added the BaaS token as an attribute. I also stored my 3rd party service token with the Edge access_token for future orchestration.