How to disable reCaptcha in firebase phone-auth (OTP) android?

Question

I've updated the firebase library recently and didn't change anything else.

  implementation 'com.google.firebase:firebase-auth:20.0.1'
  implementation 'com.google.firebase:firebase-messaging:21.0.0'
  implementation 'com.google.firebase:firebase-storage:19.2.0' 
  implementation 'com.google.android.gms:play-services-auth:19.0.0'

but whenever a user tries to signup, a Recaptcha is showing for a few seconds and then sometimes redirects to a web browser (CustomChromeTab) after that OTP is received from firebase auth. It takes about 15-30 seconds. How to prevent the Recaptcha? However, I added the SHA1 and SHA256 in the firebase console and have not changed the code. Thanks.

Here is the screenshot of the captcha verification process:

I added SHA256 key taken from play store, and from android studio terminal, but still getting this recaptcha pop up — SardorbekR, Dec 15 '20 at 10:55

Mohd Asim · Accepted Answer · 2021-01-05T06:36:45.567

37

Most of the times while implementing dependencies like:

implementation 'androidx.browser:browser:1.2.0'

the above window pops-up in the browser.

Here, is a way to resolve it successfully.

Step 1-

In the Google Cloud Console, enable the Android DeviceCheck API for your project. The default Firebase API Key will be used, and needs to be allowed to access the DeviceCheck API.

Step 2-

If you haven't yet specified your app's SHA-256 fingerprint, do so from the Settings Page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-256 fingerprint.

Hope it works!!! For more information, you can also check Google SafetyNet API for checking Google Play Services installation in device at the time of Phone Authentication.

edited Jan 05 '21 at 06:36

answered Dec 04 '20 at 13:23

Mohd Asim

615
6
6

Thanks, it is working. It looks justified also, as we need to provide google with our keys so that they can trust us. – Vijay Dec 21 '20 at 17:28
1

I did the above steps. But it still taking me to browser for captcha flow. I'm using firebase-bom:26.2.0. – Chan Myae Aung Jan 01 '21 at 13:15
2

Try to implement this dependency , implementation 'com.google.firebase:firebase-auth' and make sure that you have specified your SHA1 and SHA-256 as well as replace your google-service.json with the modified one.i.e, after saving your SHA-1 and SHA-256 in the firebase console. – Mohd Asim Jan 01 '21 at 14:40
1

This will happen if you are using an emulator. Other situation may be you are using a device that does not have google play service working properly. @Akshaykumar – Ariful Jannat Arif Apr 14 '21 at 05:45
2

How can I make connection between my firebase project and cloud console project. They are totally different. I have 2 projects in firebase. While there is no project in cloud console. How do I link them if I create a new project in Cloud console. Kindly guide me. @Mohd Asim – Mubashar Hussain Apr 27 '21 at 12:48
2

Thank you! Worked for me. Used phone auth for 2 years and the captcha addition caused problems - people would cancel before the window open, etc. This is now in the Firebase docs btw: https://firebase.google.com/docs/auth/android/phone-auth – Andrew May 29 '21 at 20:32

score 1 · Answer 2 · answered May 21 '21 at 11:05

1

Try this alternative method to disable reCaptcha

mAuth = FirebaseAuth.getInstance();
// set this to remove reCaptcha web
mAuth.getFirebaseAuthSettings().setAppVerificationDisabledForTesting(true);

because I've been following Mohd Asim answer, and it doesn't work.

answered May 21 '21 at 11:05

Salz

59
1
4

1

Maybe, you've not re-update the google_services.json after including SHA1 and SHA256 keys in Firebase Console. It's still working... Hope it helps... – Mohd Asim May 29 '21 at 22:38
1

I updated the file, but it still doesn't work. Do you have a complete sample project to implement it? @MohdAsim – Salz May 31 '21 at 05:41

score 0 · Answer 3 · answered Dec 21 '20 at 17:45

In order to remove the captcha verification, you have to do this in Google cloud console.

IMPORTANT (you may have done that, but for the reminder):

Add the SHA1 and SHA256 of your project (see how to get) in the firebase project setting page (See how to set).

Go to the Library page in the Google APIs Console.
In the search bar type "Android Device Verification", and select the Android Device Verification box (API). The Android Device Verification API dashboard screen appears.
If the API isn't already enabled, click Enable. Hope here your problem solves and if not then proceed further.
If the Create credentials button appears, click on it to generate an API key. Otherwise, click the All API credentials drop-down list, then select the API key that's associated with your project that has enabled the Android Device Verification API.
In the sidebar on the left, click Credentials. Copy the API key that appears.
Use this API key when you call the attest() method of the SafetyNetClient class.

For more information read this official page - https://developer.android.com/training/safetynet/attestation

score 0 · Answer 4 · answered Jan 01 '22 at 11:00

go to google cloud console
Select project it should be same project in which firebase is running and make sure you have added sha-1 and sha-256 of both debug and release version and put updated google-services.json file in your app.
search android device verification
click on enable 5.done

Gentrit Ibishi · Answer 5 · 2022-05-22T16:10:38.780

0

Don't forget to go in Firebase Project Settings > App check > and Register firebase project in SafetyNet and Play Integrity register with default time token 1 hour and u will remove reCaptcha from phone auth OTP!

edited May 22 '22 at 16:10

answered May 22 '22 at 14:03

Gentrit Ibishi

1
2

How to disable reCaptcha in firebase phone-auth (OTP) android?

5 Answers5

Linked

Related