I’m in a situation where I’m using auth0-js inside an angular app for passwordless login via the WebAuth.passwordlessStart method. I have set up an action in auth0 during pre-user registration where I would like to receive a parameter off the event or api object for further user verification. More specifically, I have added a recaptcha on the login page and would like to send the recaptcha token through to my pre-user registration action so I can call out to google’s recaptcha verification endpoint inside the action and admit or deny the user based on google’s response. This would ideally happen when calling passwordlessStart instead of passwordlessLogin, but either scenario is acceptable.
Looking at the docs, auth0 doesn’t support recaptcha in passwordless authentication scenarios, but our use case calls for it and wanted to know if there was a way to support this.
We recently updated Lock to add support for captcha on passwordless flows, see here https://github.com/auth0/lock/releases/tag/v11.35.0 so you should just be able to configure it via Security > Attack Protection > Bot Detection:
As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!
