Closed waleko closed 2 years ago
@waleko why did you close this ticket? I believe that reCAPTCHA would be an awesome feature for this library...
@AnthonyNahas sorry, it was a misclick
@jeandat what do you think about this feature?
I don't know much about reCAPTCHA (I'm not using it) but as I understand it, reading google reCAPTCHA v3 documentation you need to integrate a script working in the background that will provide you with a score on demand. This script should be integrated in several places in your app to maximise precision.
The difference with v2 is that user is not bothered with a challenge. This is transparent and you can use it in more contexts. So i guess most people today will use v3 over v2. Thus, IMO ngx-auth-firebaseui
should not integrate the famous checkbox (reCAPTCHA v2) which will disappear progressively.
Regarding v3 if it was integrated, what would be the scenario/interactions between reCAPTCHA and ngx-auth-firebaseui
?
Consumers of this library are already free to compute a score before showing ngx-auth-firebaseui
component and decide whether or not it is safe to pursue.
@waleko In your mind what should be ngx-auth-firebaseui
behavior? What would you want it to do?
@jeandat At first I thought of using built-in RecaptchaVerifier class, which uses a checkbox. reCAPTCHA v3 is a good idea, but it returns a score for each request, so we would still need a reCAPTCHA v2 for dealing with low score users or something entirely different. For example reCAPTCHA documentation suggests requiring 2FA or email verification:
reCAPTCHA v3 will never interrupt your users, so you can run it whenever you like without affecting conversion. reCAPTCHA works best when it has the most context about interactions with your site, which comes from seeing both legitimate and abusive behavior. For this reason, we recommend including reCAPTCHA verification on forms or actions as well as in the background of pages for analytics.
Use case Recommendation ... login | With low scores, require 2-factor-authentication or email verification to prevent credential stuffing attacks. ...
So, if we would be using v3, we would still need the v2 checkbox, because 2FA and email verification are only available with EmailAuthProvider
and unapplicable for some providers.
So, in my opinion, v3 is too advanced and ngx-auth-firebaseui
should just implement the standard v2 checkbox.
If recaptcha v2 is integrated, it must be an opt-in option IMO.
Yeah, I agree. I think it should just be mentioned in the docs, so people who need it can turn it on.
Any progress on this issue?
hello, i need this feature too
Bug Report or Feature Request (mark with an
x
)Is there an easy way to have a recaptcha verifier with ngx-auth-firebaseui? I looked up the documentation and haven't found a thing. I think it would be a pretty useful feature.