Improve reCAPTCHA implementation to support Google reCAPTCHA v3

[janakamarasena]

Currently, Identity Server supports v2 of Google reCAPTCHA. Provide the support for Google reCAPTCHA v3.

[ShanikaWickramasinghe]

Verified Below Flows with Pack IS 6.0 RC - All the flows worked as expected without any issues. Please find the tested flows as below https://drive.google.com/file/d/1h3ynCA_1kLKPovRahbDtrtGvFYxXkbvs/view

Invisible Recaptcha with V2

• [x] Recaptcha for SSO login (verified with pickup distpatch app, pickup dispatch manager app, myaccount)

https://user-images.githubusercontent.com/31848014/183248732-cd5fb516-434c-458c-a61c-54f51226fc26.mp4

• [x] Recaptcha during Failed login Attempts flow

• [x] Recaptcha During Self Registration flow

• [x] Recover Username Flow

• [x] Recover Password Flow

• [x] Resend Confirmation email Flow

Recaptcha V3

• [x] SSO login flow

https://user-images.githubusercontent.com/31848014/183249582-e98eb511-51ec-4867-ab89-0b1b5ffa8e0c.mp4

• [x] Username Recovery

• [x] Password Recovery

• [x] Failed Login Attempt

• [x] Self Registration

• [x] Resend Confirmation email Flow

[hwupathum]

There are multiple concerns when going forward with the implementation

• The score returned by reCAPTCHA can vary from development environment to production environment [1]. Also if the traffic to the server is less, the accuracy of the scores will be lower [2].

• Currently if the score is less than the threshold, the requests are blocked by the backend. Therefore, there is a possibility of blocking out user requests due to false positives. Unlike V2, V3 does not give a captcha puzzle if the request is identified as a bot, and the documentation [1] recommends to implement actions based on our context instead of simply "blocking it".

[1] https://developers.google.com/recaptcha/docs/v3#interpreting_the_score [2] https://www.google.com/recaptcha/admin/