I'm trying to integrate Google reCAPTCHA Enterprise (without checkbox) into Vue3 based SPA.
JS is loaded in <head> tag as in the example in documentation. I see that reCaptcha code is successfully downloaded and launched, badge at the bottom of the screen stating that site is protected with reCAPTCHA is shown with no warnings.
I can request a token using grecaptcha.enterprise.execute(...) and I get the response as expected. Token seems to be "normal" and it's value is different on each request.
Then I send the token to backed and backend tries to verify it using plain REST API (same as in REST example in documentation, based on plain cURL example).
The response that I get always gives the same result:
"valid" => false
"invalidReason" => "DUPE"
Documentation does not really explain what this 'DUPE' reason means and how to avoid it. Does anyone have any clues what it really means and how to avoid it?
I've tried 3 types of site keys: test keys with low and high score, and "real one" ("test" unchecked).
I've tried 2 different browsers: Chrome and Firefox, both in normal and incognito mode.
I've tried just to wait for 3 hours (in case if I've hit some rate-limiting).
The result is always the same - invalidReason: DUPE
The DUPE reason means that (docs):
The user verification had already been seen.
In practice this means that once you received a token back from execute it was sent to the projects.assessments.create endpoint twice or more. The token will be assessed as valid the first time it is evaluated, but for any subsequent assessment calls with the same token it will come back as invalid with the DUPE reason.