js: switch Firebase auth to bring-your-own project setup#409
Merged
Conversation
The bundled firebase_config.json pointed at android-emulator-webrtc-demo, a Firebase project that nobody on the current team has access to. The Firebase sign-in path was therefore broken-by-default for anyone cloning the repo (flagged previously in 5197542 — "Envoy not recognizing Firebase tokens"). Rather than re-point at another shared project (which would inherit the same long-term abandonment risk and require a long-term owner), restructure the demo so each contributor configures their own Firebase project: - Replace firebase_config.json with firebase_config.example.json. The real file is gitignored; users copy + fill in values from their own Firebase web app config. - Convert develop/envoy.yaml and docker/envoy.yaml to .template.yaml with a __FIREBASE_PROJECT_ID__ sentinel. The rendered .yaml files are gitignored. - Fix the no-op str.replace() bug in config_gen.py — the return value was discarded, so the in-place envoy.yaml substitution silently did nothing for every contributor who ran the script. Rewrite around a clear template -> output render pattern, with input validation that rejects placeholder values. - Add a fail-fast check in login_firebase.js so an unconfigured setup produces an actionable error at module load instead of a cryptic Firebase SDK auth error after a user click. - Document the two auth paths in README.md: self-hosted JWT (jwt-provider/) as the recommended deployment path, Firebase as a quick-start demo with a step-by-step BYO walkthrough. The self-hosted JWT path (js/jwt-provider/ + js/docker/) is unchanged and remains the production-grade option that doesn't depend on any external identity provider. Verified end-to-end against a Firebase project I own: config_gen.py generates an envoy.yaml byte-identical to the previous committed file (modulo the project ID substitution), the fail-fast permits valid configs and rejects the placeholder template, and the full sign-in -> gRPC -> WebRTC video flow still works.
This was referenced May 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
js/firebase_config.jsonships values forandroid-emulator-webrtc-demo, a Firebase project nobody on the current team has access to. The Firebase sign-in path has therefore been broken-by-default for some time — explicitly flagged in 5197542 ("Envoy not recognizing Firebase tokens"). Re-pointing at another shared project would inherit the same long-term abandonment risk, so this PR restructures the demo so each contributor configures their own Firebase project.The self-hosted JWT path (
js/jwt-provider/+js/docker/) is untouched and remains the recommended production setup; this PR only addresses the Firebase quick-start.What changes
js/firebase_config.jsonfirebase_config.example.json(template with placeholders). Real file is gitignored.js/firebase_config.example.jsonjs/develop/envoy.yaml→develop/envoy.template.yaml__FIREBASE_PROJECT_ID__sentinel. Rendered output is gitignored.js/docker/envoy.yaml→docker/envoy.template.yamljs/config_gen.pytxt.replace(search, replace)returned a new string but wasn't reassigned — the in-place envoy substitution silently did nothing for anyone who ran it). New version renders templates → outputs, rejects placeholder values with a helpful error.js/src/components/login_firebase.jsjs/.gitignorefirebase_config.json,develop/envoy.yaml,docker/envoy.yaml(all now per-contributor generated artifacts).src/config.jswas already ignored.js/README.mdSetup (post-merge, for any future contributor)
Full walkthrough including Firebase console steps is in the updated
js/README.md.Test plan
Verified locally against a Firebase project I own (this PR happens to land on top of the v11 SDK migration #408, so it inherits that fix automatically):
config_gen.py firebase_config.example.jsonexits non-zero with the helpful "placeholder values" errorconfig_gen.py firebase_config.json(with real values) writes 3 files quietlydevelop/envoy.yamlis byte-identical to the previous committed file modulo the project ID substitution (diffshows zero output againstgit show upstream/master:js/develop/envoy.yaml | sed s/.../...)docker/envoy.yaml— samegit statusis clean after runningconfig_gen.py(all generated files gitignored)Notes for reviewers
.template.yamlfiles diverge from upstream's.yamlfiles only by the project ID literal (android-emulator-webrtc-demo→__FIREBASE_PROJECT_ID__) — see the rename diff in the file tree (97% similarity, both files).js/firebase_config.jsonwas the only deleted file. Removing it doesn't break any committed reference —config_gen.pyis the only consumer and now generates from.example.json-> user-suppliedfirebase_config.json.