CAPTCHA node
The CAPTCHA node adds CAPTCHA support by verifying the response token received from the CAPTCHA provider and creating a callback for the UI to interact with.
By default, the node is configured for Google’s reCAPTCHA v2.
Compatibility
Product | Compatible? |
---|---|
Advanced Identity Cloud |
Yes |
PingAM (self-managed) |
Yes |
Ping Identity Platform (self-managed) |
Yes |
This node only supports reCAPTCHA v2 and v3, and hCaptcha. For Google reCAPTCHA Enterprise support, use the reCAPTCHA Enterprise node. |
Dependencies
You need to sign up for access to the reCAPTCHA API to get the API key pair required for configuring the node.
Configuration
Property | Usage | ||
---|---|---|---|
CAPTCHA Site Key (required) |
The CAPTCHA site key supplied by the CAPTCHA provider when you sign up for access to the API. |
||
CAPTCHA Secret Key |
The CAPTCHA secret key supplied by the CAPTCHA provider when you sign up for access to the API.
|
||
CAPTCHA Secret Label Identifier |
An identifier used to create a secret label for mapping to a secret in a secret store. PingOne Advanced Identity Cloud uses this identifier to create a specific secret label for this node.
The secret label takes the form The identifier can only contain alphanumeric characters If you set a CAPTCHA Secret Label Identifier and PingOne Advanced Identity Cloud finds a matching secret in a secret store, the CAPTCHA Secret Key is ignored. |
||
CAPTCHA Verification URL |
The URL used to verify the CAPTCHA submission. Use |
||
CAPTCHA API URL (required) |
The URL of the JavaScript that loads the CAPTCHA widget. Use |
||
Class of CAPTCHA HTML Element |
The class of the HTML element required by the CAPTCHA widget. Use |
||
ReCaptcha V3 node |
If you’re using Google reCAPTCHA, specify whether it’s v2 or v3. Turn on for v3. |
||
Score Threshold |
If you’re using Google reCAPTCHA v3, enter a score threshold. The CAPTCHA provider returns a score for each user request, based on observed interaction with your site. CAPTCHA "learns" by observing real site traffic, so scores in a staging environment or in a production deployment that has just been implemented might not be very accurate. A score of 1.0 is likely a good user interaction, while 0.0 is likely to be a bot. The threshold you set here determines whether to allow or deny access, based on the score returned by the CAPTCHA provider. Start with a threshold of 0.5. Learn more about score thresholds in the Google documentation. |
||
Disable submission until verified |
If selected, form submission is disabled until CAPTCHA verification succeeds. Default: Enabled |
Outcomes
True
-
The CAPTCHA response was successfully verified.
False
-
The CAPTCHA response wasn’t verified or failed verification.
Errors
This node can throw exceptions with the following messages:
-
CAPTCHA response required for verification
-
Unable to verify CAPTCHA response
-
Unable to retrieve state from token response
-
No secret key found
Example
The following journey uses a Page node and a Data Store Decision node to collect and verify the credentials and a CAPTCHA response:
This example uses the following nodes:
-
The Page node prompts the user to input their username and password:
-
The Platform Username node collects the username and stores it in the shared state.
-
The Platform Password node collects the password and stores it in the shared state.
-
The CAPTCHA node collects and verifies the CAPTCHA response.
-
-
The Data Store Decision node uses the username and password to determine whether authentication is successful.