Reputation: 216
How to Change reCAPTCHA Enterprise Threshold for Firebase App Check?
I'm working with Firebase App Check and I’m using ReCaptcha Enterprise to protect my Firebase app and functions.
In the google cloud console / ReCaptcha Enterprise metrics section for my key, I see options for "Threshold recommendation" with values like Balanced, Low, and High. It appears that my current setting is Balanced, which results in requests with an assessment score lower than 0.6 returning a 401 error when calling my Firebase function protected with enforceAppCheck: true.
I'd like to adjust the threshold setting for my reCAPTCHA key to better suit my application's needs. As shown in the image above, the threshold recommendations are provided, and I can simulate the threshold and estimate the score threshold effect. However, I can't seem to actually change the threshold here.
Could someone guide me on how to change the reCAPTCHA key threshold used by App Check?
Upvotes: 1
Views: 1163
Answers (1)
Reputation: 49
I think there is no direct way to edit it out, but you could try editing it via google cloud CLI.
You can try to run this command.
gcloud recaptcha enterprise key update <PROJECT_ID> <KEY_ID> --challenge_security_level=<THRESHOLD_VALUE>
where Project ID is your Project ID.
Key ID is your reCAPTCHA key ID.
THRESHOLD_VALUE is your desired value (e.g., 0.4).
Based on this document
"Note: After creating reCAPTCHA keys, you can edit or delete them. You cannot recover deleted keys."
You also need to enable your reCAPTCHA Enterprise API for your project. Once enabled you can try to use curl or any programming language library that can interact with the reCAPTCHA Enterprise API's "keys.update" You can further check it here.
For your server-side code, you can further look into Firebase's Admin SDK for managing reCAPTCHA settings, more info here
Although there is no official documentation that I've come across, be wary of the limitation of its functionality.
Based on my understanding you're using a reCaptcha Enterprise, you can reach for support for proper alternative or resolution for your desired outcome.
Upvotes: 0
Related Questions
- Should "reCAPTCHA Enterprise site keys" be exposed to the client?
- reCAPTCHA Enterprise Returned "Requests from this referrer are blocked"
- Will enabling additional features from Google in ReCAPTCHA Enterprise affect the site-verify response?
- Firebase App Check and reCAPTCHA v3 Enterprise Integration: Billing and Token Reusability
- Google recaptcha Enterprise returns zero for risk analysis score