How to provide Firebase authentication interface for a third party?
("Superpoints" and "Megashop" used below are fake business names)
I am using Firebase Auth to authenticate users in my (Android) app ("Superpoints"). My users can earn points for using my app, which they can later spend when paying for something.
I want to integrate with a partner ("Megashop") in the following way:
- Alice opens the Superpoints app on her Android phone.
- In the app she clicks on "Megashop campaigns".
- A web browser or a web view (whichever is fine for me) for superpoints.megashop.com opens. The opened page has a button like "Login with Superpoints account".
- Alice clicks on "Login with Superpoints account" and provides her credentials (this can be email+password, log in with phone number, log in with Google Account).
- The system checks if Alice's account exists in my user database and sends back the response to Megashop with Alice's Superpoints membership ID and her balance (for example: "{ memberId: 100500, points: 42 }").
- After Alice purchases something in Megashop, their checkout hook sends a request to an HTTPS endpoint for a cloud function that adds an amount of points (for example, 250 points) to Alice's balance (something like https://app.superpoints.com/accrual?partner=megashop&memberId=100500&points=250).
On my app's website, I do the authentication using FirebaseUI Auth; in the app I'm also using FirebaseUI (library for Android).
Now finally the questions: How to authenticate my users on a third party's site? What are the best practices? Should I build some kind of a gateway for the third party, or is there an easier way for doing that?
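
Added example, not part of the original question: the accrual URL above carries only `partner`, `memberId` and `points`, so the receiving cloud function needs a way to confirm that the call came from the partner and is not a resend. This sketch shows one such server-side check. Assumptions not in the post: an HMAC-SHA256 signature over the request made with a per-partner shared secret, the extra `requestId` and `timestamp` fields, the limits, and all function names.

```javascript
const crypto = require('node:crypto');

// Constructed demo secret (assumption); keep one per partner in a secret manager.
const PARTNER_SECRETS = new Map([['megashop', 'constructed-demo-secret']]);
const MAX_SKEW_MS = 5 * 60 * 1000; // accept timestamps within 5 minutes
const MAX_POINTS = 10000;          // hypothetical per-request cap
const seenRequestIds = new Set();  // in production: a durable store, not memory

// Unambiguous byte string that both sides sign (fixed field order).
function canonical(r) {
  return JSON.stringify([r.partner, r.memberId, r.points, r.requestId, r.timestamp]);
}

// What the partner computes and sends alongside the request (e.g. in a header).
function sign(r, secret) {
  return crypto.createHmac('sha256', secret).update(canonical(r)).digest('hex');
}

// Returns { ok: true } or { ok: false, reason }.
function verifyAccrual(r, signatureHex, now = Date.now()) {
  const secret = PARTNER_SECRETS.get(r.partner);
  if (!secret) return { ok: false, reason: 'unknown partner' };

  const expected = Buffer.from(sign(r, secret), 'hex');
  const given = Buffer.from(String(signatureHex), 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (!Number.isFinite(r.timestamp) || Math.abs(now - r.timestamp) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale timestamp' };
  }
  if (!Number.isInteger(r.points) || r.points <= 0 || r.points > MAX_POINTS) {
    return { ok: false, reason: 'invalid points' };
  }
  if (seenRequestIds.has(r.requestId)) {
    return { ok: false, reason: 'replayed request' };
  }
  seenRequestIds.add(r.requestId); // remember the id so a resend cannot credit twice
  return { ok: true };
}
```

The balance update should run only when `verifyAccrual` returns `ok: true`, and the `requestId` record should be written in the same transaction as the balance change.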