CODEWITHSUNDEEP
firebaseauthentication
Saiful Sazib
Saiful Sazib

Reputation: 501

How to disable reCaptcha in firebase phone-auth (OTP) android?

I've updated the firebase library recently and didn't change anything else.

  implementation 'com.google.firebase:firebase-auth:20.0.1'
  implementation 'com.google.firebase:firebase-messaging:21.0.0'
  implementation 'com.google.firebase:firebase-storage:19.2.0' 
  implementation 'com.google.android.gms:play-services-auth:19.0.0'

but whenever a user tries to signup, a Recaptcha is showing for a few seconds and then sometimes redirects to a web browser (CustomChromeTab) after that OTP is received from firebase auth. It takes about 15-30 seconds. How to prevent the Recaptcha? However, I added the SHA1 and SHA256 in the firebase console and have not changed the code. Thanks.

Here is the screenshot of the captcha verification process:

enter image description here

Upvotes: 28

Views: 65260

Answers (8)

Qadeer Muniry
Qadeer Muniry

Reputation: 139

2023 - SafetyNet is deprecated try below solution

According to the docmentation Play Integrity Support is available with the Authentication SDK v21.2.0+ (Firebase BoM v31.4.0+).

Make sure Firebase BoM version is BoM v31.4.0+

Now go the Firebase project -> build -> App Check -> Play Integrity Add your SHA-256 certificate fingerprint, leave the token settings as it is & click save. Make sure status is showing registered.

Enable Google Play Integrity API

Now run your app Recaptcha won't show.

Upvotes: 1

andreszs
andreszs

Reputation: 2956

Additionally to the comments about enabling Play Integrity App Check in Firebase Project Settings:

For anyone else dealing with the reCaptcha browser redirection, first make sure you are using at least the com.google.firebase:firebase-auth:21.2.0 version.

If you are using Firebase BoM (to avoid endless version incompatibilities) then use at least BoM 31.4.0 which is bound to firebase-auth-21.2.0:

com.google.firebase:firebase-bom:31.4.0
com.google.firebase:firebase-auth

Source:

enter image description here

Upvotes: 1

Mohamed El-Gohary
Mohamed El-Gohary

Reputation: 41

Step 1: Most of the times while implementing dependencies like:

implementation platform('com.google.firebase:firebase-bom:32.1.0')
implementation 'com.google.firebase:firebase-auth-ktx'
implementation 'androidx.browser:browser:1.5.0'
implementation 'com.google.android.play:integrity:1.1.0'

Step 2: If you haven't yet specified your app's SHA-256 and SHA-1 fingerprint, do so from the Settings Page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-256 and SHA-1 fingerprint.

Step 3: In the Google Cloud Console, enable the Google Play Integrity API for your project.

Step 4: In the Google play Console, enable the Google Play Integrity API for your project.

Upvotes: 3

Mohd Asim
Mohd Asim

Reputation: 754

Most of the times while implementing dependencies like:

implementation 'androidx.browser:browser:1.2.0'

the above window pops-up in the browser.

Here, is a way to resolve it successfully.

Step 1-

In the Google Cloud Console, enable the Android DeviceCheck API for your project. The default Firebase API Key will be used, and needs to be allowed to access the DeviceCheck API.

enter image description here

Step 2-

If you haven't yet specified your app's SHA-256 fingerprint, do so from the Settings Page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-256 fingerprint.

enter image description here

Hope it works!!! For more information, you can also check Google SafetyNet API for checking Google Play Services installation in device at the time of Phone Authentication.

Also, need to perform additional steps: Firebase Project Settings > App check > and Register firebase project in SafetyNet and Play Integrity register with default time token 1 hour.

Upvotes: 45

Gentrit Ibishi
Gentrit Ibishi

Reputation: 99

Don't forget to go in Firebase Project Settings > App check > and Register firebase project in SafetyNet and Play Integrity register with default time token 1 hour and u will remove reCaptcha from phone auth OTP!

Upvotes: 10

Sadique Khan
Sadique Khan

Reputation: 320

  1. go to google cloud console
  2. Select project it should be same project in which firebase is running and make sure you have added sha-1 and sha-256 of both debug and release version and put updated google-services.json file in your app.
  3. search android device verification
  4. click on enable 5.done

Upvotes: -1

Salz
Salz

Reputation: 88

Try this alternative method to disable reCaptcha

mAuth = FirebaseAuth.getInstance();
// set this to remove reCaptcha web
mAuth.getFirebaseAuthSettings().setAppVerificationDisabledForTesting(true);

because I've been following Mohd Asim answer, and it doesn't work.

Upvotes: 0

Vijay
Vijay

Reputation: 1388

In order to remove the captcha verification, you have to do this in Google cloud console.

IMPORTANT (you may have done that, but for the reminder):

Add the SHA1 and SHA256 of your project (see how to get) in the firebase project setting page (See how to set).

  1. Go to the Library page in the Google APIs Console.

  2. In the search bar type "Android Device Verification", and select the Android Device Verification box (API). The Android Device Verification API dashboard screen appears.

  3. If the API isn't already enabled, click Enable. Hope here your problem solves and if not then proceed further.

  4. If the Create credentials button appears, click on it to generate an API key. Otherwise, click the All API credentials drop-down list, then select the API key that's associated with your project that has enabled the Android Device Verification API.

  5. In the sidebar on the left, click Credentials. Copy the API key that appears.

  6. Use this API key when you call the attest() method of the SafetyNetClient class.

For more information read this official page - https://developer.android.com/training/safetynet/attestation

Upvotes: 0

Related Questions