CAPTCHA node
The CAPTCHA node adds CAPTCHA support by verifying the response token received from the CAPTCHA provider and creating a callback for the UI to interact with.
By default, the node is configured for Google’s reCAPTCHA v2.
Compatibility
Product | Compatible? |
---|---|
ForgeRock Identity Cloud |
Yes |
ForgeRock Access Management (self-managed) |
Yes |
ForgeRock Identity Platform (self-managed) |
Yes |
Dependencies
You need to sign up for access to the reCAPTCHA API to get the API key pair required for configuring the node.
Configuration
Property | Usage |
---|---|
CAPTCHA Site Key (required) |
The CAPTCHA site key supplied by the CAPTCHA provider when you sign up for access to the API. |
CAPTCHA Secret Key |
The CAPTCHA secret key supplied by the CAPTCHA provider when you sign up for access to the API. |
CAPTCHA Verification URL |
The URL used to verify the CAPTCHA submission. Use |
CAPTCHA API URL (required) |
The URL of the JavaScript that loads the CAPTCHA widget. Use |
Class of CAPTCHA HTML Element |
The class of the HTML element required by the CAPTCHA widget. Use |
ReCaptcha V3 node |
If you’re using Google reCAPTCHA, specify whether it’s v2 or v3. Turn on for v3. |
Score Threshold |
If you’re using Google reCAPTCHA v3, enter a score threshold. The CAPTCHA provider returns a score for each user request, based on observed interaction with your site. CAPTCHA "learns" by observing real site traffic, so scores in a staging environment or in a production deployment that has just been implemented might not be very accurate. A score of 1.0 is likely a good user interaction, while 0.0 is likely to be a bot. The threshold you set here determines whether to allow or deny access, based on the score returned by the CAPTCHA provider. Start with a threshold of 0.5. Learn more about score thresholds in the Google documentation. |
Disable submission until verified |
If selected, form submission is disabled until CAPTCHA verification succeeds. Default: Enabled |
Outcomes
True
-
The CAPTCHA response was successfully verified.
False
-
The CAPTCHA response wasn’t verified or failed verification.
Errors
This node can throw exceptions with the following messages:
-
CAPTCHA response required for verification
-
Unable to verify CAPTCHA response
-
Unable to retrieve state from token response
-
No secret key found
Example
The following journey uses a Page node and a Data Store Decision node to collect and verify the credentials and a CAPTCHA response:
This example uses the following nodes:
-
The Page node prompts the user to input their username and password:
-
The Platform Username node collects the username and stores it in the shared state.
-
The Platform Password node collects the password and stores it in the shared state.
-
The CAPTCHA node collects and verifies the CAPTCHA response.
-
-
The Data Store Decision node uses the username and password to determine whether authentication is successful.