I have implemented "twitter authentication" on my firebase app. as described here: https://www.firebase.com/docs/web/guide/login/twitter.html
It works very well.
Once the user is logged in, he is also able to send some requests to my domain by using XMLHttpRequest.
It has just dawned on me that a person using "Chrome Dev Tool" could intercept that and tamper with my username.
Is there a way I can solve this problem ?
Example: Imagine I have my site running here:
My concern is that the sign-in does not save me from a person mucking about with the Chrome console and change the username.