I'm trying to use recaptcha v2 on laravel. Error is: {#336 ▼ +"success": false +"error-codes": array:1 [▼ 0 => "invalid-input-secret" ] }

Question

I am trying to apply google recaptcha v2 in my registration page made by auth using laravel breeze. working in laravel 8.it keep giving this error which means that maybe I have messed up with my secret key. but I have tried changing it 3 times . It is still not working. Please Help.

Registeration Controller's code is:

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Models\User;
use App\Providers\RouteServiceProvider;
use Illuminate\Auth\Events\Registered;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules;
use Session;
// use Validator;

class RegisteredUserController extends Controller
{
    /**
     * Display the registration view.
     *
     * @return \Illuminate\View\View
     */
    public function create()
    {
        return view('auth.register');
    }

    /**
     * Handle an incoming registration request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    public function store(Request $request)
    {
        $request->validate([
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
            'password' => ['required', 'confirmed', Rules\Password::defaults()],
            'g-recaptcha-response' =>function ($attribute, $value, $fail) {
            $secretkey='6LcnbRIeAAAAAPOXYJnbM_xQb9NaTzPq1cfASAcN';
            $response = $value;
            $userIP = $_SERVER['REMOTE_ADDR'];
            $url = 'https://www.google.com/recaptcha/api/siteverify?secret=$secretkey&response=$response&remoteip=$userIP';
            $response = \file_get_contents($url);
            $response = json_decode($response);
            dd($response);
            if(!$response->success){
                Session::flash('recap' , 'pleaase check recaptcha');
                Session::flash('alert-class' , 'alert-danger');
                $fail($attribute.'google recaptcha failed');
            }
        },

        // 'g-recaptcha-response' => 'required|captcha',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        event(new Registered($user));

        Auth::login($user);

        return redirect(RouteServiceProvider::HOME);
    }
}

Blade file's code is:

<head>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
    <script type="text/javascript">
  var onloadCallback = function() {
    alert("grecaptcha is ready!");
  };
</script>
<script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit"
    async defer>
</script>
</head>
<x-guest-layout>
    <x-auth-card>
        <x-slot name="logo">
            <a href="/">
                <x-application-logo class="w-20 h-20 fill-current text-gray-500" />
            </a>
        </x-slot>

        <!-- Validation Errors -->
        <x-auth-validation-errors class="mb-4" :errors="$errors" />

        <form method="POST" action="{{ route('register') }}">
            @csrf

            <!-- Name -->
            <div>
                <x-label for="name" :value="__('Name')" />

                <x-input id="name" class="block mt-1 w-full" type="text" name="name" :value="old('name')" required autofocus />
            </div>

            <!-- Email Address -->
            <div class="mt-4">
                <x-label for="email" :value="__('Email')" />

                <x-input id="email" class="block mt-1 w-full" type="email" name="email" :value="old('email')" required />
            </div>

            <!-- Password -->
            <div class="mt-4">
                <x-label for="password" :value="__('Password')" />

                <x-input id="password" class="block mt-1 w-full"
                                type="password"
                                name="password"
                                required autocomplete="new-password" />
            </div>

            <!-- Confirm Password -->
            <div class="mt-4">
                <x-label for="password_confirmation" :value="__('Confirm Password')" />

                <x-input id="password_confirmation" class="block mt-1 w-full"
                                type="password"
                                name="password_confirmation" required />
            </div>

            <div class="flex items-center justify-end mt-4">
                <a class="underline text-sm text-gray-600 hover:text-gray-900" href="{{ route('login') }}">
                    {{ __('Already registered?') }}
                </a>
<div class="g-recaptcha" data-sitekey="6LcnbRIeAAAAAJvdNmW4MgZKA1nROGh00Td4G1cz"></div>
<!-- @if(Session::has('recap'))
<p class="alert {{Session::get('alert-class' , 'alert-info')}}">
    {{Session::get('recap')}}
</p>
@endif -->
      <br>
                <x-button class="ml-4">
                    {{ __('Register') }}
                </x-button>
            </div>
        </form>
    </x-auth-card>
</x-guest-layout>

Answer 1

Confirm that you are using your secret key instead of site key. I did that mistake a few days ago and got the same error as you. Second thing, do you have reCaptcha Enterprise configured with some other keys? You should see only one key there at classic keys section in your reCaptcha enterprise google's console.