reCAPTCHA is a free service provided by Google that can be used to protect against spam or other forms of internet abuse by verifying whether a user is a human or a robot. It comes in the form of a widget.
Let's learn how to set up and use reCaptcha with WSO2 Identity Server.
How it works
First, you will need to register and create an API key pair for the required domain. The key pair consists of a site key and site secret. The site key is used to display the reCaptcha widget on a web page. After the verification, a new parameter called g-recaptcha-response appears on the form, which can be submitted by the user. From the server side, you can verify the submitted captcha response by calling the Google API with the secret key.
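The server-side verification step described above, sketched as an added example (this is not WSO2 Identity Server code, which performs this call itself once configured). It goes slightly beyond the text by also checking the hostname field in Google's reply and by rejecting the request when verification cannot be completed. The function names, the sample tokens, the is.example.com hostname and the stand-in transport are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def post_form(url, fields, timeout=5):
    """Default transport: POST the form fields and return the response body."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return resp.read().decode()


def verify_recaptcha(token, secret_key, expected_hostnames, transport=post_form):
    """Return (ok, reason). Fails closed on any error or mismatch."""
    if not token:
        return False, "missing g-recaptcha-response"
    try:
        raw = transport(VERIFY_URL, {"secret": secret_key, "response": token})
        body = json.loads(raw)
    except (OSError, ValueError) as exc:
        # Network failure or malformed reply: reject rather than skip the check.
        return False, "verification unavailable: " + type(exc).__name__
    if not isinstance(body, dict) or body.get("success") is not True:
        codes = body.get("error-codes", []) if isinstance(body, dict) else []
        return False, "rejected: " + ",".join(codes or ["unknown"])
    # Confirm the challenge was solved on a hostname this deployment serves.
    if body.get("hostname") not in expected_hostnames:
        return False, "hostname mismatch"
    return True, "ok"


def fake_transport(url, fields):
    """Constructed stand-in for the Google endpoint so the example runs offline."""
    if fields["response"] == "good-token":
        return json.dumps({"success": True, "hostname": "is.example.com"})
    return json.dumps({"success": False, "error-codes": ["invalid-input-response"]})


if __name__ == "__main__":
    allowed = {"is.example.com"}
    for tok in ("good-token", "forged-token", ""):
        print(repr(tok), verify_recaptcha(tok, "SECRET-PLACEHOLDER", allowed, fake_transport))
```

The secret key is sent only from the server to Google and never appears in the page served to the browser; only the site key does.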
Follow the steps below to configure this.
Configuring reCAPTCHA API keys
Register your identity server domain.
Provide the following details and click Submit.
Field: Label
Description: This is a label to identify the site.
Sample: WSO2 Identity Server

Field: reCAPTCHA type
Description: This is the type of the reCAPTCHA. Select either of the following:
- reCAPTCHA v2 > "I'm not a robot" Checkbox
- reCAPTCHA v2 > Invisible reCAPTCHA badge

Field: Domains
Description: This defines the domain and the subdomains to which this registration applies.
Note that a site key and a secret key get generated. Copy them for later use.
Open the captcha-config.properties file located in the <IS_HOME>/repository/conf/identity/ directory and configure the following properties.
Restart WSO2 Identity Server.
You have successfully set up reCaptcha for your site. You can now configure reCaptcha with any of the following:
- Configuring Google reCaptcha for self registration
- Configuring Google reCaptcha for security-question based password recovery (password recovery with secret questions)