Issues related to Google reCaptcha v3

Question

I wanted to integrate reCaptcha in a website and bit of confused, about it's working.

Here's how I configured:

1. Added this code in head:

   <script src='https://www.google.com/recaptcha/api.js?render=SITE_KEY></script>
   

2. Used this code on page load to get reCaptcha response

<script>
grecaptcha.ready(function() {
grecaptcha.execute('SITE_KEY', {action: 'register'})
.then(function(token) {
  jQuery('#recaptcha').val(token);
});
});
</script>

3. Use this code to verify captcha response

   $secret = 'SECRET_KEY';
   $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['recaptcha']);
   $responseData = json_decode($verifyResponse);
   if($responseData->success){
       //valid response, move forward
   }else{
       //captcha check failed, throw an error
   }
   

It seems to work fine for me, and I'm getting 0.9 score for my requests.

Problem: Assume captcha failed for a valid user request because of any reason (like ip was used for spamming or any other google verification check failed). But the user is legitimate so:

1. how do a user can prove his humanity? (like in previous checkbox version)
2. if user loads registration form and go for other activities, the user came back after sometime (e.g 10 mins). When user will try to submit form, the captcha check will fail. (I tried this and got error back 'timeout-or-duplicate')
3. Is there any way to reload captcha, without page reload?

Please lemme know, how to overcome those issues?

Answer 1

Add reCAPTCHA V2 with V3. If V3 fails. Use V2 to verify the user.