feat: implement reCAPTCHA Enterprise

[mikehardy]

Description

More documentation to come - this is in progress at this moment, pushing for visibility only

Related issues

Can link upstream and FlutterFire sister repo PR

Release Summary

Will be conventional commits for an automated semantic release

Checklist

• I read the Contributor Guide and followed the process outlined there for submitting PRs.
  • Yes
• My change supports the following platforms;
  • Android
  • iOS
  • Other (macOS, web)
• My change includes tests;
  • e2e tests added or updated in packages/\*\*/e2e
  • jest tests added or updated in packages/\*\*/__tests__
• I have updated TypeScript types that are affected by my change.
• This is a breaking change;
  • Yes
  • No

Test Plan

A great deal of unit and type and e2e and documentation tests

---

Think react-native-firebase is great? Please consider supporting the project with any of the below:

• 👉 Star this repo on GitHub ⭐️
• 👉 Follow React Native Firebase and Invertase on Twitter

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces support for reCAPTCHA Enterprise in react-native-firebase, enabling enhanced bot protection for App Check and Auth. The changes include the addition of new provider classes, native dependency updates for Android, and comprehensive configuration plumbing to propagate site keys across platforms. The implementation follows a modular approach, ensuring type parity with the Firebase JS SDK while providing platform-specific runtime behavior.

Highlights

• reCAPTCHA Enterprise Support: Implemented reCAPTCHA Enterprise for App Check and Auth, including new provider classes and native integration.
• Configuration Plumbing: Added recaptchaSiteKey support to FirebaseAppOptions to enable cross-platform configuration.
• Platform-Specific Routing: Introduced robust routing logic to handle reCAPTCHA providers across iOS, Android, and Web contexts.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request implements Phase 0 and Phase 1 of the reCAPTCHA Enterprise design plan, adding recaptchaSiteKey plumbing to the core app options and introducing ReCaptchaV3Provider and ReCaptchaEnterpriseProvider to the App Check package. It updates the Web bridge to support real JS SDK providers and provider-less initialization, extends native provider configurations, and adds comprehensive unit and type tests. The review feedback focuses on simplifying the platform routing logic by removing dead code for macOS (which is already handled under the isOther path) and improving runtime robustness by using optional chaining when accessing app options.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

Since RNFBCommon.isOther is true when Platform.OS is 'macos', the initializeAppCheck method in namespaced.ts will always return early on macOS and never call resolveNativeInitializeAppCheckRoute. Therefore, checking for 'macos' inside resolveNativeInitializeAppCheckRoute is dead code and can be safely removed to simplify the platform routing logic.

    if (
      context.platformOS === 'android' ||
      context.platformOS === 'ios'
    ) {
      return { providerName: 'recaptcha' };
    }

[gemini-code-assist]

As macOS is handled under the isOther path, context.platformOS will never be 'macos' when executing resolveNativeInitializeAppCheckRoute. You can safely simplify this check to only check for 'ios'.

Suggested change

	if (context.platformOS === 'ios' || context.platformOS === 'macos') {
	if (context.platformOS === 'ios') {

[gemini-code-assist]

To prevent potential runtime TypeErrors if appOptions is null or undefined (for example, in testing or custom environments), use optional chaining when accessing recaptchaSiteKey.

Suggested change

	export function assertNativeRecaptchaSiteKeyConsistency(
	appOptions: Pick<ReactNativeFirebase.FirebaseAppOptions, 'recaptchaSiteKey'>,
	constructorSiteKey: string,
	): void {
	const configSiteKey = appOptions.recaptchaSiteKey;
	export function assertNativeRecaptchaSiteKeyConsistency(
	appOptions: Pick<ReactNativeFirebase.FirebaseAppOptions, 'recaptchaSiteKey'>,
	constructorSiteKey: string,
	): void {
	const configSiteKey = appOptions?.recaptchaSiteKey;

[gemini-code-assist]

To prevent potential runtime errors if app or app.options is undefined or null (e.g., in custom environments or unit tests), use optional chaining when retrieving recaptchaSiteKey.

Suggested change

	app: { options: { recaptchaSiteKey?: string } },
	options: WebInitializeAppCheckOptions,
	): JsAppCheckOptions {
	const { provider, isTokenAutoRefreshEnabled } = options;
	if (!provider) {
	const recaptchaSiteKey = app.options.recaptchaSiteKey;
	app: { options: { recaptchaSiteKey?: string } },
	options: WebInitializeAppCheckOptions,
	): JsAppCheckOptions {
	const { provider, isTokenAutoRefreshEnabled } = options;
	if (!provider) {
	const recaptchaSiteKey = app?.options?.recaptchaSiteKey;