Question about steps after getting token

t49tran / react-google-recaptcha-v3

Google Recaptcha V3 integration for React

MIT License

427 stars 91 forks source link

Question about steps after getting token #171

Closed rschlack closed 1 year ago

rschlack commented 1 year ago

When the handleVerify function is called it receives a token string.

I'm using this for a signup page. Should I then be sending this token down to the server where I create the new account and validate that the token is authentic using my v3 secret key? If so, does this module support that functionality?

thanks,

jfbaraky commented 1 year ago

I was having the same problem, because I was expecting a similar behavior as the V2. Here you will need:

Get the token using the library (this is the only function of this library);
Send the token to your backend (to hide your secret);
On your backend you can verify this user interaction using the token (check these docs);

Then you will have the score for the user;
You can do anything with this score, but it's up to you to define what to do. V3 will only tell you if the user is likely to be a human (score near 1) or a robot (score near 0);

rschlack commented 1 year ago

Thanks. I was able to make it work with exactly the procedure you mentioned.

This link should help people who have the same question. https://techblogs.42gears.com/verify-google-recaptcha-with-node-js/

thanks,

Rob

mnbucher commented 1 year ago

yup got confused as well until now. the google docs are not super clear here yet. you get an additional "score" value on the backend after verifying the token from the client.