If you click the GitHub button, Firebase will perform an OAuth2 authentication with you and with GitHub. If you then approve GitHub's request, Firebase will save only an AES-hash of your GitHub user name and an AES-hash of your GitHub OAuth accessToken. The database stores no other identification information and no indication of which one service is approved to use the name and token. Therefore, in the event that the access to the Firebase database is compromised, if the AES encryption of the name and token is compromised, the hacker still would not know which service used those credentials.