I have no knowledge or experience with Firebase specifically, so I will answer generally as it could be applicable to any external App / User Database synchronization.
The password is the tricky part, as WordPress hashes the password before putting it in the database, and so does not by default store the plain text password anywhere for security reasons. This means you would have to either:
- Send the username and password to the App API for storage upon user creation. Then activate those users later when they pay for subscription. However, this may mean you end up with a lot of inactive users in your App (who didn’t buy a subscription after signup) which you would probably have to clean up (expire) regularly.
OR
- Save the plain text password to user meta upon user creation. Normally this would not be recommended, but if “anyone can register” for a WordPress subscriber account, which you are using to make a “real” membership later, then it’s not really much of a security hole – as the free subscriber role has no extra privileges anyway. Then when they make a paid subscription, you can send the stored password to the App API with their membership and make sure to delete it from the user meta.
In either case, you would also need to add some code to synchronize a new password with via the App API in the case that the user changes it through their profile page.