I think how @dcoletta broke it down is a great approach. Softr already has an only Google sign-in block already, so I believe #1 is solved.
#2 is the way to fix this. It would be essential to have this as an option as we don’t want to reduce usability for less critical apps (I’m reading PLG now and saw a metric regarding email verification reducing usability). This is where #3 would be handy. I’ve seen apps allow you to login but with limited access until you verify.