Hello, I am having some trouble implementing the "Reset Password" page due to a "Recaptcha failed" error. We're using a Medplum-hosted backend. Specifically, here’s the error logged to the browser console:

XHRPOST
https://api.medplum.com/auth/resetpassword
[HTTP/2 400  175ms]
    
email    "alex@empallo.com"
recaptchaToken    "[redacted]"

The response logged in the console is:

{
  "resourceType": "OperationOutcome",
  "issue": [
    {
      "severity": "error",
      "code": "invalid",
      "details": {
        "text": "Recaptcha failed"
      }
    }
  ],
  "extension": [
    {
      "url": "https://medplum.com/fhir/StructureDefinition/tracing",
      "extension": [
        {
          "url": "requestId",
          "valueId": "[redacted]"
        },
        {
          "url": "traceId",
          "valueId": "[redacted]"
        }
      ]
    }
  ]
}

Here's what I've done so far: - On GCP, I've enabled the "reCAPTCHA Enterprise API," set up a reCAPTCHA key, and created OAuth 2.0 Client ID credentials (with certain URLs whitelisted). - My configuration on https://app.medplum.com/admin/sites is as follows: - Domain:

localhost

, [my deployed frontend URL] - Google Client ID: [my OAuth 2.0 Client ID] - Google Client Secret: [my OAuth 2.0 Client Secret] - Recaptcha Site Key: [the site key of my reCAPTCHA key] - Recaptcha Secret Key: [the "legacy" reCAPTCHA secret key] FWIW, I can see that the

recaptchaSiteKey

value obtained by my code via

config.ts

is correct. When I log the

recaptchaToken

to the console, its format at least looks correct (a long, alphanumeric string). Does my setup look correct, or am I overlooking something? Any guidance would be greatly appreciated! Thank you in advance for any help.