Firebase clients authenticate using a secure token called JWT. This JWT must be generated by a trusted server somewhere (it cannot be generated on your clients, or we could not verify its authenticity).
If you want to specifically authenticate with a username (and not email) and a password, and you want to save authentication credentials (for example, a hashed password), you can do it in Firebase, but you will need a server somewhere to compare the password, which someone logs into your application with this hashed password, and then generate a custom JWT token. See Docs here: https://www.firebase.com/docs/security/custom-login.html
So that developers do not run the server code for this usual case, we provide the Firebase Simple Login service, which will generate these tokens for you. It works for email / password, Facebook, Twitter and some other common login types. Here you can see the documentation. https://www.firebase.com/docs/security/simple-login-overview.html