Auth0 Home Blog Docs

Invisible Recaptcha v2 with Lock

lock

#1

Hi

I am trying to implement the invisible Google ReCAPTCHA v2 with the Lock sign up form.

The problem I am facing is I cannot make the recaptcha element mandatory as that would mean every user (not just bots) would have to solve the captcha puzzle. The issue that arises is when it is a bot, the Lock sign up fields are correctly filled (no validation error) and submit button is clicked, Lock simply submits the form and doesn’t care about whether the Captcha is solved or not. The form shouldn’t get submitted unless a valid captcha token is received in the captcha callback. Any workaround possible for this?

The form needs to be prevented from being submitted if captcha puzzle is presented but is not validated yet (not captcha token available in callback)

Note: I can make the explicitly rendered recaptchav2 work by forcing the captcha form element as mandatory. That wouldn’t let the form to be submitted unless it has value. Can’t do that for invisible recaptchav3 as the intention is valid users shouldn’t be bothered.


#2

Are you looking to do this on signups only, or logins as well?
When you say:

I can make the explicitly rendered recaptchav2 work by forcing the captcha form element as mandatory

How did you make this work? Where do you send the captcha token and how do you handle the token backend validation?


#3

Hey @nicolas_sabena Not doing a separate backend validation to decode the token for V2. The implementation is somewhat in the lines of https://gist.github.com/sandeepneerarambham/cfec8a34266883d40ccd325cd8635ad2

We are also setting a required attributre to #g-recaptcha-response so that form doesn’t submit without the recaptcha being solved (i.e #g-recaptcha-response having a value)