jacobobryant / platypub

A publishing platform built with Biff
MIT License

Recaptcha v3 token required; config.edn.TEMPLATE says create "v2 Invisible" token. #61

Closed jeffp42ker closed 2 years ago

jeffp42ker commented 2 years ago

The config.edn.TEMPLATE says to create a "v2 Invisible" recaptcha token.

Also stated in Biff's example project config.edn.TEMPLATE.

However, the human? function tests the score property used with v3 tokens, but that property is not included in the "v2 Invisible" token response, where score is nil.

Creating a v3 token resolves the issue.

jacobobryant commented 2 years ago

This is expected behavior, unless human? is throwing an exception. With v2, if the user looks like a bot, then after they hit the subscribe button, they'll get a popup recaptcha test (the image classification thing). success will only be true if they pass that test. With v3, success will always be true as long as the user submitted a valid token. Instead of a pass/fail, v3 includes the score parameter so you can decide how strict you want to be for different actions. So if the score parameter is missing, we assume they're on v2, in which case success being true is sufficient. (which is why we have (or score 1) -- in biff's example project I made it more explicit though: (or (nil? score) (<= 0.5 score)))

I wasn't aware of v2 invisible tokens when I started using v3 tokens. IMO v2 tokens are better for email signups because if the user fails the test, you want to give them a chance to do it again/prove themselves. Whereas v3 tokens might be better for something that you just want to keep tabs on without changing the user flow. e.g. maybe you keep track of the score for comment submissions on a discussion website. If you suspect that you're getting an increase in bot comments, you could then go back and see the score values after the fact. Or something like that.

Maybe v3 is also good if you have a large app with a bunch of different actions you want to protect, all with different levels of importance (and hence you want to set different score thresholds from your application code).
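As an added illustration (not platypub's or Biff's actual human?), here is a Clojure version of the logic described above: a nil score means the token is v2, so success alone decides; a present score means v3, so a per-action threshold applies. The thresholds map, the sample responses, and the extra check that a v3 response's action field matches the action the server expected are my assumptions, not something this thread states.

```clojure
;; Added example, not platypub's or Biff's own code. `resp` is the decoded
;; JSON body returned by the siteverify endpoint; the thresholds and the
;; sample responses below are constructed for illustration.
(ns example.recaptcha)

(def default-thresholds
  ;; Hypothetical per-action minimum v3 scores: stricter for signups,
  ;; looser for something you only want to keep tabs on.
  {:subscribe 0.5
   :comment   0.3})

(defn human?
  "True when the siteverify response indicates a human.
   - v2 (including v2 Invisible) responses carry no :score; Google has
     already applied the pass/fail challenge, so :success is sufficient.
   - v3 responses are :success true for any valid token, so the :score
     must also clear the threshold for the requested action, and the
     token's :action must be the one this endpoint expected (added check,
     so a token minted for a low-stakes action is not accepted elsewhere)."
  ([resp] (human? resp :subscribe default-thresholds))
  ([{:keys [success score action]} expected-action thresholds]
   (let [threshold (get thresholds expected-action 0.5)]
     (boolean
      (and success
           (or (nil? score)                        ; v2: nothing more to check
               (and (<= threshold score)           ; v3: apply our own strictness
                    (= action (name expected-action)))))))))

;; Constructed sample responses (not captured from the real API).
(def v2-pass {:success true  :hostname "example.com"})
(def v2-fail {:success false :error-codes ["invalid-input-response"]})
(def v3-bot  {:success true  :score 0.1 :action "subscribe"})
(def v3-ok   {:success true  :score 0.9 :action "subscribe"})
(def v3-wrong-action {:success true :score 0.9 :action "comment"})

(comment
  ;; v2: success decides, score is absent
  (human? v2-pass)
  (human? v2-fail)
  ;; v3: score must clear the :subscribe threshold and action must match
  (human? v3-bot)
  (human? v3-ok)
  (human? v3-wrong-action)
  ;; same low-score token judged against the looser :comment threshold
  (human? v3-bot :comment default-thresholds))
```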

jeffp42ker commented 2 years ago

Right, I think I knew that at one point :)

I experienced some mailgun domain setup issues that presented as recaptcha issues.

I was getting sick, clicking a litany of fire hydrants :(

jacobobryant commented 2 years ago

Ha, I know how you feel :).