23

I've updated the firebase library recently and didn't change anything else.

  implementation 'com.google.firebase:firebase-auth:20.0.1'
  implementation 'com.google.firebase:firebase-messaging:21.0.0'
  implementation 'com.google.firebase:firebase-storage:19.2.0' 
  implementation 'com.google.android.gms:play-services-auth:19.0.0'

but whenever a user tries to signup, a Recaptcha is showing for a few seconds and then sometimes redirects to a web browser (CustomChromeTab) after that OTP is received from firebase auth. It takes about 15-30 seconds. How to prevent the Recaptcha? However, I added the SHA1 and SHA256 in the firebase console and have not changed the code. Thanks.

Here is the screenshot of the captcha verification process:

enter image description here

Vijay
  • 1,163
  • 8
  • 22
Saiful Sazib
  • 451
  • 1
  • 3
  • 14

7 Answers7

43

Most of the times while implementing dependencies like:

implementation 'androidx.browser:browser:1.2.0'

the above window pops-up in the browser.

Here, is a way to resolve it successfully.

Step 1-

In the Google Cloud Console, enable the Android DeviceCheck API for your project. The default Firebase API Key will be used, and needs to be allowed to access the DeviceCheck API.

enter image description here

Step 2-

If you haven't yet specified your app's SHA-256 fingerprint, do so from the Settings Page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-256 fingerprint.

enter image description here

Hope it works!!! For more information, you can also check Google SafetyNet API for checking Google Play Services installation in device at the time of Phone Authentication.

Also, need to perform additional steps: Firebase Project Settings > App check > and Register firebase project in SafetyNet and Play Integrity register with default time token 1 hour.

Prajwal Waingankar
  • 2,534
  • 2
  • 13
  • 20
Mohd Asim
  • 724
  • 9
  • 7
  • Thanks, it is working. It looks justified also, as we need to provide google with our keys so that they can trust us. – Vijay Dec 21 '20 at 17:28
  • 1
    I did the above steps. But it still taking me to browser for captcha flow. I'm using firebase-bom:26.2.0. – Chan Myae Aung Jan 01 '21 at 13:15
  • 2
    Try to implement this dependency , implementation 'com.google.firebase:firebase-auth' and make sure that you have specified your SHA1 and SHA-256 as well as replace your google-service.json with the modified one.i.e, after saving your SHA-1 and SHA-256 in the firebase console. – Mohd Asim Jan 01 '21 at 14:40
  • 1
    This will happen if you are using an emulator. Other situation may be you are using a device that does not have google play service working properly. @Akshaykumar – Ariful Jannat Arif Apr 14 '21 at 05:45
  • 2
    How can I make connection between my firebase project and cloud console project. They are totally different. I have 2 projects in firebase. While there is no project in cloud console. How do I link them if I create a new project in Cloud console. Kindly guide me. @Mohd Asim – Mubashar Hussain Apr 27 '21 at 12:48
  • 2
    Thank you! Worked for me. Used phone auth for 2 years and the captcha addition caused problems - people would cancel before the window open, etc. This is now in the Firebase docs btw: https://firebase.google.com/docs/auth/android/phone-auth – Andrew May 29 '21 at 20:32
  • 2
    its two years later, the SafetyNet API cannot be used for new projects anymore. I'm using the PlayIntegrity API and the recaptcha keeps popping up. Any ideas? – RaideR Feb 20 '23 at 09:38
  • @RaideR I am facing the same issue, did you find any solution – Mitul Agrawal Feb 25 '23 at 16:25
  • I wrote to the Google Support - their answer is not satisfying: "Unfortunately, we are unable to provide a timeline for Play Integrity API phone authentication implementation. For now, you can use reCAPTCHA verification for phone number authentications. SafetyNet deprecation is not related to reCAPTCHA API. The two SafetyNet APIs are independent, and the Attestation API deprecation will not affect the reCAPTCHA API. You can still use this API even after migrating to Play Integrity API. We will update this document as soon as we can to avoid confusion." – RaideR Feb 27 '23 at 07:46
  • I would recommend that you also write them - so they know that this topic is important for a lot of people. – RaideR Feb 27 '23 at 07:47
  • 1
    I think Android device verification changed with Google Play Integrity API [link](https://firebase.google.com/docs/auth/android/phone-auth#enable-app-verification) – Adarsh Vijayan P Apr 20 '23 at 12:16
  • Android Device Verification was deprecated and can no longer be found in the Cloud Console. It was replaced by Play Integrity API. – andreszs Aug 30 '23 at 21:29
8

Don't forget to go in Firebase Project Settings > App check > and Register firebase project in SafetyNet and Play Integrity register with default time token 1 hour and u will remove reCaptcha from phone auth OTP!

Gentrit Ibishi
  • 81
  • 1
  • 4
  • That's awesome. Can you tell the details of time token and change effect of it? – muhibbin_munna Jul 18 '22 at 14:15
  • About token time, by default is 1 hour i suggest u to not change let 1 hour, thank you. – Gentrit Ibishi Jul 18 '22 at 21:38
  • 2
    One point to note here is, even though SafetyNet is deprecated by this time, you have to register app in SafetyNet as well, otherwise captcha verification will come. I don't know whether its a bug or feature from firebase, but that's how it works. Believe me I have tried it by multiple times uninstalling and reinstalling the app, and SafetyNet registration is REQUIRED. – Divya Gupta Dec 03 '22 at 05:22
  • 3
    I already enable Play Integrity from google console as well as on firebase console app check but still I am seeing captcha screen. Please help!! – Nicks Mar 02 '23 at 13:40
  • *SafetyNet is deprecated and is no longer accepting new projects; please use the Play Integrity API instead. Support for SafetyNet will be removed by the deprecation deadline.* – andreszs Aug 30 '23 at 21:23
1

Step 1: Most of the times while implementing dependencies like:

implementation platform('com.google.firebase:firebase-bom:32.1.0')
implementation 'com.google.firebase:firebase-auth-ktx'
implementation 'androidx.browser:browser:1.5.0'
implementation 'com.google.android.play:integrity:1.1.0'

Step 2: If you haven't yet specified your app's SHA-256 and SHA-1 fingerprint, do so from the Settings Page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-256 and SHA-1 fingerprint.

Step 3: In the Google Cloud Console, enable the Google Play Integrity API for your project.

Step 4: In the Google play Console, enable the Google Play Integrity API for your project.

Super Kai - Kazuya Ito
  • 22,221
  • 10
  • 124
  • 129
Mohamed El-Gohary
  • 11
  • 4
  • Are you 100% sure that the `com.google.android.play:integrity` library must be included separately, and it's not part of the firebase-auth 21.2.0 library? – andreszs Aug 30 '23 at 21:48
0

Try this alternative method to disable reCaptcha

mAuth = FirebaseAuth.getInstance();
// set this to remove reCaptcha web
mAuth.getFirebaseAuthSettings().setAppVerificationDisabledForTesting(true);

because I've been following Mohd Asim answer, and it doesn't work.

Salz
  • 73
  • 1
  • 5
  • 1
    Maybe, you've not re-update the google_services.json after including SHA1 and SHA256 keys in Firebase Console. It's still working... Hope it helps... – Mohd Asim May 29 '21 at 22:38
  • 1
    I updated the file, but it still doesn't work. Do you have a complete sample project to implement it? @MohdAsim – Salz May 31 '21 at 05:41
  • Updated code is FirebaseAuth.instanc.setSettings(appVerificationDisabledForTesting: true) – Danny Rufus Jun 22 '23 at 18:09
0

Additionally to the comments about enabling Play Integrity App Check in Firebase Project Settings:

For anyone else dealing with the reCaptcha browser redirection, first make sure you are using at least the com.google.firebase:firebase-auth:21.2.0 version.

If you are using Firebase BoM (to avoid endless version incompatibilities) then use at least BoM 31.4.0 which is bound to firebase-auth-21.2.0:

com.google.firebase:firebase-bom:31.4.0
com.google.firebase:firebase-auth

Source:

enter image description here

andreszs
  • 2,896
  • 3
  • 26
  • 34
-1

In order to remove the captcha verification, you have to do this in Google cloud console.

IMPORTANT (you may have done that, but for the reminder):

Add the SHA1 and SHA256 of your project (see how to get) in the firebase project setting page (See how to set).

  1. Go to the Library page in the Google APIs Console.

  2. In the search bar type "Android Device Verification", and select the Android Device Verification box (API). The Android Device Verification API dashboard screen appears.

  3. If the API isn't already enabled, click Enable. Hope here your problem solves and if not then proceed further.

  4. If the Create credentials button appears, click on it to generate an API key. Otherwise, click the All API credentials drop-down list, then select the API key that's associated with your project that has enabled the Android Device Verification API.

  5. In the sidebar on the left, click Credentials. Copy the API key that appears.

  6. Use this API key when you call the attest() method of the SafetyNetClient class.

For more information read this official page - https://developer.android.com/training/safetynet/attestation

Vijay
  • 1,163
  • 8
  • 22
-1
  1. go to google cloud console
  2. Select project it should be same project in which firebase is running and make sure you have added sha-1 and sha-256 of both debug and release version and put updated google-services.json file in your app.
  3. search android device verification
  4. click on enable 5.done
Sadique Khan
  • 230
  • 3
  • 9