Hi,
I am integrating reCAPTCHA Enterprise with Account Verification (MFA).
Flow:
1. Frontend calls grecaptcha.enterprise.execute() with action LOGIN and twofactor: true
2. Backend calls createAssessment with accountVerification enabled
3. Response contains accountVerification with requestToken
4. When I call grecaptcha.enterprise.challengeAccount() with:
- account-token
- container
However:
- No popup UI is rendered
- No verification code is sent
Code snippet:
const triggerMFA = async (requestToken: string): Promise<string> => {
  if (!window.grecaptcha?.enterprise) {
    throw new Error("reCAPTCHA not ready");
  }
  return window.grecaptcha.enterprise.challengeAccount(
    import.meta.env.VITE_RECAPTCHA_SITE_KEY, {
      'account-token': requestToken, // requestToken comes from the Account Verification response
      'container': 'mfa-container', // Bound to a div on the login page
    }
  );
};
Sample Response:
{
  ...,
  "accountVerification": {
    "endpoints": [{
      "emailAddress": " [removed by moderator] ",
      "requestToken": "tplIUFvvJUIpLaOH0hIVj2H71t5Z9mDK2RhB1SAGSIUOgOIsBv",
      "lastVerificationTime": "",
    }],
    "latestVerificationResult": "RESULT_UNSPECIFIED"
  }
}
Technologies:
Front End - React
Back End - Spring Boot
Here is the list of questions I have:
1. Under what exact conditions does challengeAccount() render UI?
2. Is it correct that challengeAccount only works when riskAnalysis.challenge = "CHALLENGE_REQUIRED"?
3. Is there any way to force MFA challenge for testing?
4. Does MFA depend entirely on Google's risk engine?