
B2C not evaluating result from Captcha Verify

Open ckjacksoncda opened this issue 1 year ago • 2 comments

I am close to getting my custom policy working with Cloudflare Turnstile captcha, but am stumbling on just about the last step...

What works:

  • Switched from unifiedssp to selfasserted content definition
  • Captcha is displayed on Sign In page
  • Captcha response is successfully populating g-recaptcha-response-toms element in the form
  • g-recaptcha-response-toms is being read by B2C on post (I can see the value making it into the App Insights logs)
  • The response is passed to a Logic App, which passes it to Turnstile's verify endpoint, which verifies the captcha response
  • The Logic App replies with the verify response payload (I can see it in the Logic App run result)

... and then the trail goes dead.

The Verify response doesn't make it into the App Insights log and doesn't appear to be evaluated by the B2C custom policy.

I have embedded the "login-reCaptcha" technical profile in my base policy file, and am seemingly very close to success.

Is there a trick to getting the technical profile to validate the verify response?

ckjacksoncda, Nov 13 '23 23:11

It just needs to respond with HTTP 200 to B2C's request.

JasSuri, Nov 14 '23 09:11

Jas Suri... you can't even begin to understand how helpful that single sentence is. X D

Thank you SO, SO, SO much. It's an extremely simple solution... and I looked right past it.

ckjacksoncda, Nov 14 '23 16:11
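
An added example, not part of the thread or of the sample repository: the decision logic of the verification endpoint sketched in Python, returning HTTP 200 to B2C only when Turnstile reports success and, following Azure AD B2C's documented REST error convention, HTTP 409 with a `userMessage` otherwise. The claim name `captcha`, the function names and the sample payloads are assumptions.

```python
import json
import urllib.parse
import urllib.request

# Cloudflare's Turnstile verification endpoint.
SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"


def post_form(url, fields):
    """POST form fields and return the parsed JSON reply (real network call)."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def b2c_reply(verify_result):
    """Map a Turnstile siteverify result to the (status, body) returned to B2C."""
    if isinstance(verify_result, dict) and verify_result.get("success") is True:
        # HTTP 200 is what lets the B2C technical profile pass validation.
        return 200, {}
    # Fail closed: anything other than an explicit success blocks the sign-in.
    return 409, {
        "version": "1.0.0",
        "status": 409,
        "userMessage": "Captcha verification failed. Please try again.",
    }


def handle_b2c_request(claims, secret, post=post_form):
    """Verify the captcha token B2C posted; `captcha` is an assumed claim name."""
    token = claims.get("captcha", "")
    if not token:
        return b2c_reply(None)  # no token: never call out, never return 200
    try:
        result = post(SITEVERIFY_URL, {"secret": secret, "response": token})
    except (OSError, ValueError):
        return b2c_reply(None)  # verifier unreachable or reply not JSON
    return b2c_reply(result)


if __name__ == "__main__":
    # Constructed siteverify replies standing in for Cloudflare's answers.
    def ok(url, fields):
        return {"success": True}

    def bad(url, fields):
        return {"success": False, "error-codes": ["invalid-input-response"]}
    print(handle_b2c_request({"captcha": "constructed-token"}, "constructed-secret", ok))
    print(handle_b2c_request({"captcha": "constructed-token"}, "constructed-secret", bad))
```

The same mapping applies when the endpoint is a Logic App: the response action should return 200 only on the branch where the verify payload's `success` field is true.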