feat(clerk-js): Adjust captcha parameter handling for sign ups with G…

…oogle (#3806) Co-authored-by: Kevin Wang <[email protected]>
clerk · Jul 24, 2024 · 17bbe01 · 17bbe01
1 parent 7575f8e
commit 17bbe01
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 1 deletion.
diff --git a/.changeset/rude-wasps-wonder.md b/.changeset/rude-wasps-wonder.md
@@ -0,0 +1,5 @@
+---
+"@clerk/clerk-js": patch
+---
+
+Adjust how we pass captcha tokens to the Clerk API when signing in with Google, Microsoft, and Apple
diff --git a/packages/clerk-js/src/core/resources/SignUp.ts b/packages/clerk-js/src/core/resources/SignUp.ts
@@ -71,7 +71,13 @@ export class SignUp extends BaseResource implements SignUpResource {
     const { captchaSiteKey, canUseCaptcha, captchaURL, captchaWidgetType, captchaProvider, captchaPublicKeyInvisible } =
       retrieveCaptchaInfo(SignUp.clerk);
 
-    if (canUseCaptcha && captchaSiteKey && captchaURL && captchaPublicKeyInvisible) {
+    if (
+      !this.shouldBypassCaptchaForAttempt(params) &&
+      canUseCaptcha &&
+      captchaSiteKey &&
+      captchaURL &&
+      captchaPublicKeyInvisible
+    ) {
       try {
         const { captchaToken, captchaWidgetTypeUsed } = await getCaptchaToken({
           siteKey: captchaSiteKey,
@@ -91,6 +97,10 @@ export class SignUp extends BaseResource implements SignUpResource {
       }
     }
 
+    if (params.transfer && this.shouldBypassCaptchaForAttempt(params)) {
+      paramsWithCaptcha.strategy = SignUp.clerk.client?.signIn.firstFactorVerification.strategy;
+    }
+
     return this._basePost({
       path: this.pathRoot,
       body: normalizeUnsafeMetadata(paramsWithCaptcha),
@@ -264,4 +274,27 @@ export class SignUp extends BaseResource implements SignUpResource {
     }
     return this;
   }
+
+  /**
+   * We delegate bot detection to the following providers, instead of relying on turnstile exclusively
+   */
+  protected shouldBypassCaptchaForAttempt(params: SignUpCreateParams) {
+    if (
+      params.strategy === 'oauth_google' ||
+      params.strategy === 'oauth_microsoft' ||
+      params.strategy === 'oauth_apple'
+    ) {
+      return true;
+    }
+    if (
+      params.transfer &&
+      (SignUp.clerk.client?.signIn.firstFactorVerification.strategy === 'oauth_google' ||
+        SignUp.clerk.client?.signIn.firstFactorVerification.strategy === 'oauth_microsoft' ||
+        SignUp.clerk.client?.signIn.firstFactorVerification.strategy === 'oauth_apple')
+    ) {
+      return true;
+    }
+
+    return false;
+  }
 }