This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

CAPTCHA_CHECK_FAILED : Recaptcha verification failed - SITE_MISMATCH

Posted on 12-23-2024 01:49 AM
imuhammadnadeem
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello Google Support Team,

I am encountering the following error while implementing Firebase reCAPTCHA with the Identity Toolkit API for Phone Authentication:

{
"error": {
"code": 400,
"message": "CAPTCHA_CHECK_FAILED : Recaptcha verification failed - SITE_MISMATCH",
"errors": [
{
"message": "CAPTCHA_CHECK_FAILED : Recaptcha verification failed - SITE_MISMATCH",
"domain": "global",
"reason": "invalid"
}
]
}
}

I have already tried using the sendVerificationCode method from the Identity Toolkit API on both the server and client sides, but I continue to encounter the same issue.

Could you please assist me in understanding the cause of the SITE_MISMATCH error and how to resolve it? Any guidance on what needs to be configured to avoid this error would be greatly appreciated.

Thank you in advance for your help!

Best regards,
Muhammad Nadeem

0 4 724
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
Udaybhan200
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

i am faced same issue , if u getting any solution , help me

0 Likes

Posted on --/--/---- --:-- AM
imuhammadnadeem
Bronze 1
Bronze 1
In response to Udaybhan200
Reply posted on --/--/---- --:-- AM

Sure! Can you share more details about the issue you're facing? Iโ€™d be happy to help you out!

0 Likes

Posted on --/--/---- --:-- AM
Sheik
Staff
Reply posted on --/--/---- --:-- AM

Hi,

The issue is caused because the site which generated the reCAPTCHA token is not part of the domain's allowlist for the specified site key. The easiest option to mitigate is to add the site to the domain's allow list. So wondering how did you create the site key ? Are you trying to use reCAPTCHA as multi factor authentication ? 

 

Posted on --/--/---- --:-- AM
imuhammadnadeem
Bronze 1
Bronze 1
In response to Sheik
Reply posted on --/--/---- --:-- AM

imuhammadnadeem_7-1736326894302.png

This is the head of the index.html.  The key is the reCAPTCHA site key from the Google Cloud.

imuhammadnadeem_0-1736324484764.png

This is in the body of index.html. The key is the reCAPTCHA site key from the Google Cloud.

imuhammadnadeem_1-1736324562118.png

This is my function to get the token

imuhammadnadeem_2-1736324582694.png

Here I'm getting the token.

imuhammadnadeem_3-1736324633808.png

These are added in Firebase.

imuhammadnadeem_6-1736324878266.png

These are added in reCAPTCHA.

imuhammadnadeem_4-1736324710040.png

I added the legacy key in the reCAPTCHA secret key from the reCAPTCHA site below.

imuhammadnadeem_5-1736324752749.png

 

0 Likes