Google Cloud Firestore in Native Mode and Recaptcha v3

0
votes

I am deciding which technologies to choose for my next project and I've decided that I'd like to use some of the Google Cloud products. I've been reading about Firestore in Native Mode and the idea of developing a web without a server need for CRUD operations seems really interesting.

My problem comes with me wanting to also use Google Recaptcha v3, is there any way to read how trusted an user is using according to Recaptcha v3 in the secutiry rules of Firestore to deny the request if it's, for example, under 2.

Thanks

2
google-app-enginegoogle-cloud-firestorerecaptcharecaptcha-v3

2 Answers

2
votes

No, Firestore security rules don't have any access to data from recaptcha. If you want to know something about the end user, you will have to use Firebase Authentication.

1
votes

There is no information about Google Recaptcha v2 that is automatically included in the Firebase Authentication token for the user, as far as I know. And since the auth token is the only information about the user that is available in security rules (as request.auth), the repatcha information won't be available.

The only way to get that information into the user's token is if you'd add it yourself as a custom claim from one of the Admin SDKs.