Solution:
Assuming that you know the user_login or user_email (because you created them via REST API, right?), maybe you can set the auth cookie for blog.example.com right after the user logs in to example.com.
With user_login or user_email you can get the $user->ID (using the function get_user_by) from blog.example.com and then try using this function to set the auth cookie:
wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' );
In fact, I didn’t test it, but I can work a little bit on that, eventually, if you still need it.
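
One way to wire up the approach from this answer on blog.example.com, as an added example that is not part of the original post: the handoff is accepted only with a short-lived, single-use HMAC-signed token, because calling wp_set_auth_cookie for a user name taken from an unauthenticated request would let anyone log in as any account. BLOG_SSO_SECRET, the sso query parameter, the token layout and the blog_sso_* function names are assumptions.

```php
<?php
// Added example; runs on blog.example.com (e.g. as a small plugin).
// Assumed: BLOG_SSO_SECRET is defined in wp-config.php on both sites; "sso" and the token layout are hypothetical.

// Hypothetical helper for example.com: build the handoff token right after login.
function blog_sso_make_token( $user_login, $ttl = 60 ) {
    $payload = bin2hex( $user_login ) . '.' . ( time() + $ttl );
    return $payload . '.' . hash_hmac( 'sha256', $payload, BLOG_SSO_SECRET );
}

// Returns the user_login if the token is authentic and unexpired, otherwise false.
function blog_sso_verify_token( $token ) {
    $parts = explode( '.', $token );
    if ( 3 !== count( $parts ) ) {
        return false;
    }
    list( $hex_login, $expires, $mac ) = $parts;
    $expected = hash_hmac( 'sha256', $hex_login . '.' . $expires, BLOG_SSO_SECRET );
    if ( ! hash_equals( $expected, $mac ) ) { // constant-time comparison
        return false;
    }
    if ( ! ctype_digit( $expires ) || (int) $expires < time() ) {
        return false;
    }
    return hex2bin( $hex_login ); // payload is authenticated at this point
}

add_action( 'init', function () {
    if ( empty( $_GET['sso'] ) || ! is_string( $_GET['sso'] ) || is_user_logged_in() ) {
        return;
    }
    $token    = wp_unslash( $_GET['sso'] );
    $login    = blog_sso_verify_token( $token );
    $seen_key = 'blog_sso_' . md5( $token ); // lookup key only, not a security boundary
    // Reject forged, expired or already redeemed tokens.
    if ( false === $login || get_transient( $seen_key ) ) {
        wp_die( 'Invalid or expired login link.', 403 );
    }
    set_transient( $seen_key, 1, 120 ); // outlives the 60 s token lifetime
    $user = get_user_by( 'login', $login );
    if ( ! $user ) {
        wp_die( 'Unknown user.', 403 );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, false, is_ssl() );
    wp_safe_redirect( home_url( '/' ) );
    exit;
} );
```

After its own login succeeds, example.com would redirect the browser to blog.example.com with `?sso=` set to the output of blog_sso_make_token(); the secret never leaves the two servers.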