firebase client validate idToken on client code example
Example: firebase phone authentication web result doesnt have accessToken
firebase.auth().currentUser.getIdToken(/* forceRefresh */ true).then(function(idToken) { // Send token to your backend via HTTPS // ...}).catch(function(error) { // Handle error});