To your first question, I haven't found a way around this. I've seen people post the same "problem" as far back as 2018:
I don't think there is a work-around.
To your second question, I managed to get a password-less/magic link authentication system going with a Chrome Extension.
It involved writing my own REST API server to dispense and handle password-less auth using JWT(JSON Web Tokens).
Basically, when the user clicked on the link in their e-mail, they were redirected to a URI of my REST server. Upon being redirected, I sent and embedded cookies within the browser; cookies of course, specific to my REST API's domain.
Then, my Chrome Extension would just look for those cookies, "log" the user in, and go from there.
I haven't tried Firebase's password-less functionality.