I have been using the SafetyNet reCAPTCHA for quite some time. Worked perfectly but since SafetyNet is deprecated, I decided to migrate my integration to a reCAPTCHA Enterprise.
SafetyNet reCAPTCHA was pretty straightforward:
val recaptcha = SafetyNet.getClient(this).verifyWithRecaptcha(BuildConfig.RECAPTCHA_SITE)
recaptcha.addOnSuccessListener(this) { response ->
val token = response.tokenResult
// verify token with https://www.google.com/recaptcha/api/siteverify
}
Making this SafetyNet call, I would get a CAPTCHA loading dialog, and then if the user seems a bot, the usual CAPTCHA with images would appear.
Now, for the reCAPTCHA Enterprise, I am getting a completely different result:
suspend fun validateUser(action: String) {
val recaptcha = Recaptcha.getClient(activity.application, BuildConfig.RECAPTCHA_SITE)
recaptcha.onSuccess { client ->
client.getUserToken(action)
}
}
private suspend fun RecaptchaClient.getUserToken(action: String) {
val execution = execute(RecaptchaAction.custom(action))
execution.onSuccess { token ->
// create assessment
}
}
I can get the client, and can get the token. Now, I need to create an assessment to get the score, but shouldn't a CAPTCHA dialog or something appears when I call the execute(RecaptchaAction.custom(action)) method? Does reCAPTCHA Enterprise only work as an invisible CAPTCHA?
I feel that I am missing something from the documentation, but I really can't seem to understand how this new reCAPTCHA works on Android. Does any one have any experience with it?
CodePudding user response:
It depends which type of reCAPTCHA Enterprise key you created
https://cloud.google.com/recaptcha-enterprise/docs/choose-key-type#differences-keys
If you created a score-based key (recommended) there is no visual challenge, you will get a score back from your assessment between 0.0 and 1.0.
If you created a checkbox key the end user will click a checkbox, and then (possibly) be presented with a CAPTCHA challenge depending if the traffic appears suspicious.
Note that you cannot use checkbox keys if you use the reCAPTCHA Enterprise Android SDK, in this case you can only use score-based keys
https://cloud.google.com/recaptcha-enterprise/docs/instrument-android-apps