Configure Third-Party CAPTCHA Provider Integrations

Auth0 supports several third-party CAPTCHA provider integrations for Bot Detection.

Google reCAPTCHA Enterprise on Google Cloud Platform (GCP)

You can use Google reCAPTCHA Enterprise as a Bot Detection service for traffic exceeding 1 million assessments per month.

To learn how to configure reCAPTCHA Enterprise on GCP, read Set up reCAPTCHA Enterprise ... on Google Documentation.

Locate your GCP project ID

  1. Go to your Google Cloud Dashboard.

  2. Select your project in the drop-down menu to see the corresponding Project ID.

  3. Make a note of the Project ID as you will need it later.

Enable reCAPTCHA Enterprise

  1. In the Google Cloud Dashboard, enter reCAPTCHA Enterprise API in the search bar, and then select it from the Marketplace results.

  2. Select Enable to enable the API.

Create a site key

  1. In the Google Cloud Dashboard, enter reCAPTCHA Enterprise in the search bar, and then select it from the Marketplace results.

  2. Select Create Key.

  3. Under Domain List, add your Auth0 tenant domain.

  4. Enable the toggle for Disable domain verification.

  5. Enable the toggle for Use checkbox challenge to enable Google's "I am not a robot" verification checkbox.

  6. Under Challenge Security, select a difficulty level for the challenge.

  7. Select Create Key.

  8. Make a note of the Site Key as you will need it later.

Create an API key

  1. In the Google Cloud Dashboard, enter Credentials in the search bar, and then select it from the results.

  2. Select Create Credentials > API Key. Make a note of the API Key as you will need it later.

  3. In the pop-up, select Edit Key.

  4. Under Application Restrictions, select IP addresses (web servers, cron jobs, etc.), and then enter the Auth0 IP Addresses for Allow Lists.

  5. Under API Restrictions, select Restrict Key, select reCAPTCHA Enterprise API from the drop-down list, and click OK.

  6. Select Save.

hCaptcha

The hCaptcha widget can protect your applications from bots, spam, and other forms of automated abuse.

To learn more about hCaptcha and how to get configuration details, read Switch from reCAPTCHA to hCaptcha on hCaptcha Docs.

Friendly Captcha

Friendly Captcha is a system for preventing spam on your website. You can add the Friendly Captcha widget to your web app to fight spam, with little impact to the user experience.

To learn more about Friendly Captcha and how to get configuration details, read Installation on Friendly Captcha Docs.

Arkose

Arkose Labs provides a bot detection solution for mitigating human-based and bot-driven attacks. For more information on seamlessly integrating with Arkose as your CAPTCHA provider, see Arkose Bot Manager.

Configure callback action with Auth0.js

When using Arkose as the CAPTCHA provider, the Auth0.js WebAuth client’s renderCaptcha method allows you to pass a callback function. The second parameter of the callback will be a payload object containing the triggerCaptcha function. The triggerCaptcha function can be used to configure how your application handles and renders the CAPTCHA prompt.

To learn more about configuring the renderCaptcha method, read renderCaptcha in the Auth0.js documentation.