How to Manually Trigger Captcha for Testing

Problem Statement

Is there any way to either force a specific user account to always trigger captcha on login OR some additional parameter the auth0.js login request could be given to respond with an error that then triggers the captcha to load?

Solution

Assuming you have all the code changes necessary to be added on the login page to execute the CAPTCHA, there is an indirect way to Manually trigger the CAPTCHA by configuring it to when risky status.

Steps:

  • Make code changes as required in the Custom Auth0 login page for the CAPTCHA enablement.

  • Enable CAPTCHA on the Auth0 side on the tenant level, Go to Auth0 Dashboard → Attack protection → Bot detection → Response → Enforce CAPTCHA On → Set it to : When Risky

  • Now to test this, you can spoof the User-agent header of the browser, You will need to set the value of the User-agent to:
    BadBadUserAgent

How to spoof the user agent
Go to the developer tools of the Chrome browser, and select the extra options highlighted below:

More tools → Network conditions


Uncheck browser default and set the value: BadBadUserAgent

Then please press the update button at the bottom:
image

Once this is done, please call the /authorize endpoint to load the login page, you should see a CAPTCHA