The middle ground is to use Firebase Auth, for authentication, and use our own API for user management.
Find the project on Github.
Express API routes
The idea of having two servers, one for authentication and one for profiling is to deal with the profile server (our API) as a normal data source, with authentication required. The authentication server is expected to send in an access token, which is verified first, before it moves down the pipe of creating and editing user profile. So after signing in and signing up with password, or after signing in with Google, we need to send the token to our Express server to create the user, fetch user, or patch user.
Read on Sekrab Garage