Solved: Using ReCaptcha from project A in application from... - Page 2

Krzysztofix

Description:
Hello,
I’m using reCAPTCHA Enterprise in my Android app. Everything works correctly when the app is installed directly from Android Studio or via a locally signed APK. However, when I distribute the app via Google Play Console (App Tester or internal testing), the reCAPTCHA flow fails with a “Site key invalid” error and shows an endless loading spinner.
• The reCAPTCHA API is configured in Project B in Google Cloud.
• The Android app is associated with Project A in Google Cloud.
• The site key is configured with the correct package name, and the SHA-1 fingerprints (including the Google Play app signing certificate) have been added under API key restrictions.
• Play Integrity API is not currently enabled in Project B where reCAPTCHA is configured.

Questions:
1. Can reCAPTCHA be used across different Google Cloud projects (i.e., app in Project A using reCAPTCHA from Project B)? I have a login module that is shared across multiple apps.
2. Why does it work when sideloaded but not from the Play Console (Firebase app distribution)?

markcorner

"use a site key from outside the app project on Google Cloud" -> What does this mean? The sitekey is attached to your Google Cloud project. What do you mean by "app project"?

I am not sure what effect Internal App Sharing would have on reCAPTCHA. As I said, we don't see any logs from that sitekey or bundle identifier other than the ones I mentioned.

The SDK will return bad sitekey locally, without contacting our server and thus no logs, if you try to init the SDK with a different sitekey after initializing it once. Perhaps it also does if the sitekey is blank.

You should check the exception code as well.

View solution in original post

Webinar May 29th: Log Ingestion: Bindplane + Google SecOps

Using ReCaptcha from project A in application from project B in Google Cloud