How to implement correctly Google OAuth2 for React/Express shop app


I am building a small mock vinyl shop application with React, Express and Postgres. Its current FE version can be found here.
Right now users can register/login in the traditional way and get access to a (pretty primitive) ordering functionality. Logged-in users can see their order history as well.
Now I want to implement Google OAuth2 too. With the help of the 'react-oauth/google' module I am getting the auth_token (as well as an authuser property which seems to be unique for each of the email addresses I have tested it with).
If I understand the concept correctly, I can send the token to my BE, then decode it using 'google-auth-library' and obtain quite a lot of valuable info about the user, including email address and names. Before I do this I would like to clarify something, though:
My plan is to keep the token and "allow" the user to access the restricted ordering route with it. I have not quite figured out how I am going to determine on my back end which request is legit, but hopefully the decoded token will answer this question? I guess as long as it contains a valid email, I could consider it to be ok?
At this point I am still not "registering" the user - it seems logical and safer to delay this until an actual order has been placed. Then I will create a new user in my DB (and insert the order data in the corresponding table, of course). However, this idea smells a bit fishy to me:
Since my Google user won't have a password to store in my DB, I will have to either modify my current table and remove the "required" constraint for password, set some useless default one (just to bypass the constraint), or create a new table just for Google OAuth users. None of these options sound credible to me for various reasons, though.
I would just like to know what the correct approach would be in this scenario (which must be quite common) with regard to my database/backend. I expect there would be a few options. But what is the universal approach when combining regular DB users with Google-authenticated ones?
Thanks.


There are 0 answers
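As an added example (not the asker's code), here is how the pieces described in the question fit together on the Express side: the handler verifies the ID token that @react-oauth/google's GoogleLogin returns in its `credential` field with google-auth-library's `verifyIdToken`, enforces audience and `email_verified`, keys the account on Google's stable `sub` rather than on the email, stores a NULL password for such users, and issues the app's own session instead of reusing the Google token as a bearer credential. The in-memory store, the `GOOGLE_CLIENT_ID` environment variable, the `google_sub` column and the use of express-session are assumptions.

```javascript
// Added example, not the asker's code. Assumes: GoogleLogin posts its `credential`
// (a Google ID token) to this route, a `users` table with a nullable password_hash
// and a unique google_sub column, and express-session for the app's own sessions.

// Claims to enforce after google-auth-library has checked signature and expiry.
function validateGooglePayload(payload, clientId) {
  if (!payload || typeof payload !== 'object') throw new Error('empty payload');
  if (payload.iss !== 'accounts.google.com' && payload.iss !== 'https://accounts.google.com')
    throw new Error('unexpected issuer');
  if (payload.aud !== clientId) throw new Error('token was issued for a different client');
  if (payload.email_verified !== true) throw new Error('email not verified by Google');
  if (typeof payload.sub !== 'string' || !payload.sub) throw new Error('missing subject');
  // Identity is the stable `sub`; an email can change or be re-issued to someone else.
  return { googleSub: payload.sub, email: String(payload.email).toLowerCase(), name: payload.name || null };
}

// In-memory stand-in for the Postgres users table (constructed for this example).
function makeUserStore() {
  const rows = [];
  return {
    rows,
    findByGoogleSub: (sub) => rows.find((r) => r.google_sub === sub) || null,
    findByEmail: (email) => rows.find((r) => r.email === email) || null,
    insert: (row) => { const u = { id: rows.length + 1, ...row }; rows.push(u); return u; },
  };
}

// Find-or-create: known google_sub -> that row; a password user with the same
// (verified) email -> link google_sub to it; otherwise a new row with no password.
function upsertGoogleUser(store, identity) {
  const bySub = store.findByGoogleSub(identity.googleSub);
  if (bySub) return bySub;
  const byEmail = store.findByEmail(identity.email);
  if (byEmail) { byEmail.google_sub = identity.googleSub; return byEmail; }
  return store.insert({ email: identity.email, name: identity.name, password_hash: null, google_sub: identity.googleSub });
}

// Express handler. google-auth-library is required lazily so the rest of this file
// runs without it installed; with real Postgres queries upsertGoogleUser becomes async.
function googleLoginHandler(store) {
  return async (req, res) => {
    try {
      const { OAuth2Client } = require('google-auth-library');
      const clientId = process.env.GOOGLE_CLIENT_ID;
      const ticket = await new OAuth2Client(clientId).verifyIdToken({ idToken: req.body.credential, audience: clientId });
      const user = upsertGoogleUser(store, validateGooglePayload(ticket.getPayload(), clientId));
      req.session.userId = user.id; // the app's own session; the Google token is not kept
      res.json({ id: user.id, email: user.email });
    } catch (err) {
      res.status(401).json({ error: 'invalid Google credential' });
    }
  };
}
```

Automatically linking an existing password account by email relies on the `email_verified` check; an app that does not trust that enough can instead ask the password user to confirm the link while logged in.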