This GitHub issue describes how the official Eufy app talks to Tuya: https://github.com/mitchellrj/eufy_robovac/issues/1 - you see that once you get your Tuya User ID from the Eufy API, the actual password to talk to Tuya is actually hardcoded and the same for every user.

I've got some code that implements the "request signature" mechanism (the missing piece of the puzzle in the above issue) that might make this more obvious - you'll notice that the TuyaAPISession class only takes a username (the aforementioned sequential ID) and country code, no password (as it's hardcoded and the same for everyone): https://gitlab.com/Rjevski/eufy-device-id-and-local-key-grab...