| name | firebase-setup |
| description | Setup and verification checklist for Firebase Authentication in Convy. Use when implementing auth features, onboarding, or when Firebase configuration needs to be verified. |
Firebase Setup Workflow
MANDATORY RULES — DO NOT SKIP
- Never assume Firebase is configured. Always run the verification checklist (Step 5) before proceeding with any auth feature.
- Use questionnaires. Every piece of information needed from the user (project ID, package name, file placement confirmation) MUST be requested via
vscode_askQuestions. Never guess values.
- Existing project. Convy's Firebase project is
convy-6520d with package com.monkeydluisi.convy. If this project already exists, verify — don't recreate.
- SHA keys. Debug and release SHA-1/SHA-256 must be registered in Firebase Console for Google Sign-In to work. Guide the user to generate them via
./gradlew.bat signingReport.
When to Use
- First-time Firebase project setup for Convy
- Implementing/modifying any authentication feature
- Verifying that Firebase is correctly configured across backend and mobile
- Troubleshooting authentication failures
Prerequisites
- Google account with access to Firebase Console
google-services.json file (for Android)
Procedure
Step 1: Firebase Console Setup
Ask the user via vscode_askQuestions:
- Do you already have a Firebase project? What is the Project ID?
- Is Authentication enabled? Which sign-in methods?
- What is the Android package name registered in Firebase?
If the project exists (expected: convy-6520d):
- Verify via questionnaire that Authentication is enabled with Email/Password + Google.
- Note the Project ID — needed for backend config.
If new setup is needed:
- Ask the user to go to Firebase Console.
- Create a project named "Convy".
- Enable Authentication → Sign-in method:
- Email/Password: Enable
- Google: Enable (provides
google-services.json client ID)
- Ask the user for the Project ID via
vscode_askQuestions.
Step 2: Backend Configuration
The backend validates Firebase JWT tokens. Configuration is in backend/src/Convy.API/Program.cs.
- appsettings.json — Add or verify the Firebase section:
{
"Firebase": {
"ProjectId": "your-firebase-project-id"
}
}
- appsettings.Development.json — Same structure with your dev project ID.
- Verify the JWT middleware is wired in
Program.cs:
AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
AddJwtBearer with Authority = https://securetoken.google.com/{projectId}
ValidIssuer and ValidAudience match the project ID
- Environment variables (production): Set
Firebase__ProjectId as environment variable.
Step 3: Mobile Configuration (Android)
Ask the user via vscode_askQuestions:
- Have you added the Android app in Firebase Console with package
com.monkeydluisi.convy?
- Have you added the SHA-1 and SHA-256 debug keys? (Guide them to use
./gradlew.bat signingReport)
- Have you downloaded the
google-services.json file?
- Ask the user to place
google-services.json in mobile/androidApp/.
- Verify the file exists via
Test-Path or read_file.
- Verify the
package_name and project_id inside the JSON match the expected values.
- Verify
mobile/androidApp/build.gradle.kts has the Google Services plugin:
plugins {
id("com.google.gms.google-services")
}
- Verify
mobile/build.gradle.kts (root) has:
id("com.google.gms.google-services") version "..." apply false
- Add Firebase Auth dependency in
mobile/shared/build.gradle.kts (if not present):
implementation("dev.gitlive:firebase-auth:<version>")
Step 4: Mobile Auth Integration
- AuthRepository — Verify implementation uses Firebase Auth SDK:
signInWithEmailAndPassword(email, password)
createUserWithEmailAndPassword(email, password)
currentUser?.getIdToken(forceRefresh) for getting JWT
- Ktor HTTP client — Verify auth token interceptor attaches the Firebase ID token:
install(Auth) {
bearer {
loadTokens { BearerTokens(authRepository.getIdToken(), "") }
}
}
- If using a
StubAuthRepository for development, ensure it returns a valid-looking stub token and is NOT used in release builds.
Step 5: Verification Checklist
Troubleshooting
| Symptom | Cause | Fix |
|---|
| 401 on all API calls | Missing/invalid Firebase token | Check mobile token attachment; verify ProjectId matches |
| Token validation fails | Wrong ProjectId in appsettings | Ensure appsettings Firebase:ProjectId matches Firebase Console |
google-services.json not found | File not in right directory | Must be in mobile/androidApp/, not project root |
| Mobile build fails on Firebase | Missing Gradle plugin | Add com.google.gms.google-services plugin to both root and app build.gradle.kts |
StubAuthRepository in production | DI misconfiguration | Ensure Koin module uses real AuthRepository except in test/debug |