I am developing a web application with reCAPTCHA enterprise (score based, not checklist based). Everything has been integrated, and when I test it I often get reCAPTCHA error with invalid_reason "6". "6" however is not registered in the Google Cloud API Go library I am using. It is beyond the supported enum values in the library (extracted from the package recaptchaenterprise package):
TokenProperties_InvalidReason_name = map[int32]string{
0: "INVALID_REASON_UNSPECIFIED",
1: "UNKNOWN_INVALID_REASON",
2: "MALFORMED",
3: "EXPIRED",
4: "DUPE",
5: "MISSING",
}
This is from the v1 package. The v1beta1 package, I guess, will make use of the v1beta1 API. Using this package, I got invalid_reason "7", again outside the supported enum values:
TokenProperties_InvalidReason_name = map[int32]string{
0: "INVALID_REASON_UNSPECIFIED",
1: "UNKNOWN_INVALID_REASON",
2: "MALFORMED",
3: "EXPIRED",
4: "DUPE",
5: "SITE_MISMATCH",
6: "MISSING",
}
Looking at the documentation at https://cloud.google.com/recaptcha-enterprise/docs/reference/rest/v1/projects.assessments#invalidreason, there are 7 possible values for InvalidReason. The error is probably BROWSER_ERROR, something which I am not sure why.
This is not always the case though. Sometimes assessment can be made and the score is returned. This is a development site key that is configured to always return 0 score. Many times however I got that weird response.
A pattern that I have been seeing is that it succeeds in one network, and it fails in the other. I tried to create a setup in localhost with my web service and backend service running, and it succeeds with wifi connection, and it doesn't with mobile connection. Deploying the site to somewhere else I also get the same error. For now all I know is this error is flaky, not sure if it's related to network or not.
I have disabled domain verification for this key.
EDIT: I have created another key that is not a testing key. The result is still the same. I have modified the domain verification countless times, changing domains countless times, and the result is still the same.
A pattern that I have observed is the grecaptcha.enterprise.execute sometimes throw Timeout errors. This is an exception, and so the script will break. I don't know what it is doing but if, for the first time, execute runs for a few seconds, a token will be generated, but it will fail during assessment. If for the first time a token is generated quickly (less than a second), it will succeed. Successful tries mostly happen only in local deployment, in which I use the same domain (I used static DNS by putting the domain in /etc/hosts).
None of the documentation mention how to solve this issue. It does seem that we are better off using hCaptcha instead.
I had the same problem until I came across this answer, which pointed out that I didn't have the domain registered in the google console.
I added the domain and everything worked fine.