Open xantari opened 9 years ago
Hi, @xantari
Thanks for your feedback.
There are many ways to encrypt/decrypt secure tokens. As you can see, both PHP and Java uses Base64 encoding and AES encyrption/decryption approach. I don't think this is the only way for encrypting/decrypting tokens. You can implement your own encryption/decryption method.
data-stoken
is just an attribute and its value can be any value encrypted by any encryption method. If you want to find a good encryption/decryption library, https://github.com/aliencube/CryptoService can be an option, if you like.
Cheers,
I was able to implement this after several hours of experimentation. Googles recaptcha 2.0 requires very specific encryption requirements and hashing of the secret key for them to verify the secure token. You can take a look at my working implementation here which is based off of their Java published example:
Thanks, @xantari
So, as far as I understood your work correctly, Google reCaptcha uses the very specific hashing and encrypting method. Is that right? Actually, when I firstly wrote this code, there was no statement for that. It's probably added later on (or I might overlook that bits).
Could you fork, add yours and send me a PR so that I can merge it? If you don't want to do so, then I'll do it anyway.
Cheers,
Hi Justinyoo,
The secure token functionality of the recaptcha API is only for those who want to use one sitekey and secretkey amongst many sites (rather than tied to a single domain).
As far as merging it, i think you might be in a better position to do this, just look at the call chain for the GetSecureTokenHtml function in the code and you can copy the relevant bits of code from there.
Enjoy!
Google has this feature with recaptcha:
https://developers.google.com/recaptcha/docs/secure_token
However I only find the way to do this with Google's java code, and a PHP example:
PHP: https://github.com/slushie/recaptcha-secure-token/blob/1.0.0/lib/ReCaptchaToken.php
Java: https://github.com/google/recaptcha-java/tree/master/appengine
Unable to get a properly generated secure token using .NET so far...
Thoughts?