Authenticating with Firebase creates a 24 hour session for the user. This allows you to fetch the current session for the user, as well as logout the user and destroy the session.
I'm throwing my name into the hat as well, I'd love to see authentication with angular fire expanded to explain ACL's as well as complete low level examples (i.e. what happens when the credentials are incorrect or there's no user returned for getcurrentuser?)