CAPTCHA node

The CAPTCHA node adds CAPTCHA support by verifying the response token received from the CAPTCHA provider and creating a callback for the UI to interact with.

By default, the node is configured for Google’s reCAPTCHA v2.

Compatibility

Product	Compatible?
ForgeRock Identity Cloud	Yes
ForgeRock Access Management (self-managed)	Yes
ForgeRock Identity Platform (self-managed)	Yes

Product

Compatible?

ForgeRock Identity Cloud

Yes

ForgeRock Access Management (self-managed)

Yes

ForgeRock Identity Platform (self-managed)

Yes

Inputs

None. This node doesn’t read shared state data.

Dependencies

You need to sign up for access to the reCAPTCHA API to get the API key pair required for configuring the node.

Configuration

Property Usage

Property	Usage
CAPTCHA Site Key (required)	The CAPTCHA site key supplied by the CAPTCHA provider when you sign up for access to the API.
CAPTCHA Secret Key	The CAPTCHA secret key supplied by the CAPTCHA provider when you sign up for access to the API.
CAPTCHA Verification URL	The URL used to verify the CAPTCHA submission. Use `https://www.google.com/recaptcha/api/siteverify`.
CAPTCHA API URL (required)	The URL of the JavaScript that loads the CAPTCHA widget. Use `https://www.google.com/recaptcha/api.js`.
Class of CAPTCHA HTML Element	The class of the HTML element required by the CAPTCHA widget. Use `g-recaptcha`.
ReCaptcha V3 node	If you’re using Google reCAPTCHA, specify whether it’s v2 or v3. Turn on for v3.
Score Threshold	If you’re using Google reCAPTCHA v3, enter a score threshold. The CAPTCHA provider returns a score for each user request, based on observed interaction with your site. CAPTCHA "learns" by observing real site traffic, so scores in a staging environment or in a production deployment that has just been implemented might not be very accurate. A score of 1.0 is likely a good user interaction, while 0.0 is likely to be a bot. The threshold you set here determines whether to allow or deny access, based on the score returned by the CAPTCHA provider. Start with a threshold of 0.5. Learn more about score thresholds in the Google documentation.
Disable submission until verified	If selected, form submission is disabled until CAPTCHA verification succeeds. Default: Enabled

CAPTCHA Site Key (required)

The CAPTCHA site key supplied by the CAPTCHA provider when you sign up for access to the API.

CAPTCHA Secret Key

The CAPTCHA secret key supplied by the CAPTCHA provider when you sign up for access to the API.

CAPTCHA Verification URL

The URL used to verify the CAPTCHA submission.

Use https://www.google.com/recaptcha/api/siteverify.

CAPTCHA API URL (required)

The URL of the JavaScript that loads the CAPTCHA widget.

Use https://www.google.com/recaptcha/api.js.

Class of CAPTCHA HTML Element

The class of the HTML element required by the CAPTCHA widget.

Use g-recaptcha.

ReCaptcha V3 node

If you’re using Google reCAPTCHA, specify whether it’s v2 or v3. Turn on for v3.

Score Threshold

If you’re using Google reCAPTCHA v3, enter a score threshold.

The CAPTCHA provider returns a score for each user request, based on observed interaction with your site. CAPTCHA "learns" by observing real site traffic, so scores in a staging environment or in a production deployment that has just been implemented might not be very accurate.

A score of 1.0 is likely a good user interaction, while 0.0 is likely to be a bot.

The threshold you set here determines whether to allow or deny access, based on the score returned by the CAPTCHA provider.

Start with a threshold of 0.5.

Learn more about score thresholds in the Google documentation.

Disable submission until verified

If selected, form submission is disabled until CAPTCHA verification succeeds.

Default: Enabled

Outputs

None.

Outcomes

True: The CAPTCHA response was successfully verified.
False: The CAPTCHA response wasn’t verified or failed verification.

Errors

This node can throw exceptions with the following messages:

CAPTCHA response required for verification
Unable to verify CAPTCHA response
Unable to retrieve state from token response
No secret key found

Example

The following journey uses a Page node and a Data Store Decision node to collect and verify the credentials and a CAPTCHA response:

This example uses the following nodes:

The Page node prompts the user to input their username and password:
- The Platform Username node collects the username and stores it in the shared state.
- The Platform Password node collects the password and stores it in the shared state.
- The CAPTCHA node collects and verifies the CAPTCHA response.
The Data Store Decision node uses the username and password to determine whether authentication is successful.