feat(appcheck): Implement reCAPTCHA Enterprise App Check provider (#7125)

This PR introduces the new `firebase-appcheck-recaptchaenterprise`
module, enabling reCAPTCHA Enterprise as an attestation provider for
Firebase App Check.

**Key Changes & Components:**

* **`RecaptchaEnterpriseAppCheckProviderFactory.java`**: Factory for
creating reCAPTCHA Enterprise App Check providers, abstracting the
reCAPTCHA client initialization.
* **`FirebaseAppCheckRecaptchaEnterpriseRegistrar.java`**: Handles
automatic registration of the provider via Firebase's component system.
* **`SiteKey.java`**: A utility class to encapsulate the reCAPTCHA
Enterprise site key.
* **`ExchangeRecaptchaEnterpriseTokenRequest.java`**: Defines the
client-side data model for the App Check Token Exchange API payload.
* **`NetworkClient.java`**: Extended to include the specific endpoint
and token type for reCAPTCHA Enterprise attestation exchange.
* **`RecaptchaEnterpriseAppCheckProvider.java`**: The core
`AppCheckProvider` implementation, responsible for:
* Interacting with the reCAPTCHA Android client to obtain attestation
tokens.
* Using the `NetworkClient` to exchange these tokens with the Firebase
App Check backend.
    * Converting the backend response into a usable `AppCheckToken`.
* **Build System Integration**:
* `AndroidManifest.xml`: Updated with necessary internet permissions for
the reCAPTCHA Android SDK.
* `firebase-appcheck-recaptchaenterprise.gradle`: New module's build
configuration, including dependencies.
* `subprojects.cfg`: Module added to the Firebase Android SDK's
multi-project build.

Author: hiteshmaurya56

appcheck/firebase-appcheck-recaptchaenterprise/api.txt

@@ -0,0 +1,10 @@
+// Signature format: 3.0
+package com.google.firebase.appcheck.recaptchaenterprise {
+
+  public class RecaptchaEnterpriseAppCheckProviderFactory implements com.google.firebase.appcheck.AppCheckProviderFactory {
+    method public com.google.firebase.appcheck.AppCheckProvider create(com.google.firebase.FirebaseApp);
+    method public static com.google.firebase.appcheck.recaptchaenterprise.RecaptchaEnterpriseAppCheckProviderFactory getInstance(String);
+  }
+
+}
+

appcheck/firebase-appcheck-recaptchaenterprise/existing_api.txt

@@ -0,0 +1,10 @@
+// Signature format: 3.0
+package com.google.firebase.appcheck.recaptchaenterprise {
+
+  public class RecaptchaEnterpriseAppCheckProviderFactory implements com.google.firebase.appcheck.AppCheckProviderFactory {
+    method public com.google.firebase.appcheck.AppCheckProvider create(com.google.firebase.FirebaseApp);
+    method public static com.google.firebase.appcheck.recaptchaenterprise.RecaptchaEnterpriseAppCheckProviderFactory getInstance(String);
+  }
+
+}
+

appcheck/firebase-appcheck-recaptchaenterprise/firebase-appcheck-recaptchaenterprise.gradle

@@ -0,0 +1,68 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+plugins {
+    id 'firebase-library'
+}
+
+firebaseLibrary {
+    libraryGroup = "appcheck"
+    releaseNotes {
+        name.set("{{app_check}} Recaptcha Enterprise")
+        versionName.set("appcheck-recaptchaenterprise")
+    }
+}
+
+android {
+    adbOptions {
+        timeOutInMs 60 * 1000
+    }
+
+    namespace "com.google.firebase.appcheck.recaptchaenterprise"
+    compileSdkVersion project.compileSdkVersion
+    defaultConfig {
+        targetSdkVersion project.targetSdkVersion
+        minSdkVersion project.minSdkVersion
+        versionName version
+        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
+    }
+    compileOptions {
+        sourceCompatibility JavaVersion.VERSION_1_8
+        targetCompatibility JavaVersion.VERSION_1_8
+    }
+
+    testOptions.unitTests.includeAndroidResources = false
+}
+
+dependencies {
+    implementation(libs.dagger.dagger)
+
+    api project(':appcheck:firebase-appcheck')
+    api 'com.google.firebase:firebase-common'
+    api 'com.google.firebase:firebase-components'
+    api 'com.google.android.recaptcha:recaptcha:18.7.1'
+
+    annotationProcessor(libs.dagger.compiler)
+
+    testImplementation(project(":integ-testing")) {
+        exclude group: 'com.google.firebase', module: 'firebase-common'
+        exclude group: 'com.google.firebase', module: 'firebase-components'
+    }
+    testImplementation libs.androidx.test.core
+    testImplementation libs.truth
+    testImplementation libs.junit
+    testImplementation libs.mockito.core
+    testImplementation libs.robolectric
+    testImplementation libs.org.json
+}

appcheck/firebase-appcheck-recaptchaenterprise/src/main/AndroidManifest.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?><!-- Copyright 2025 Google LLC -->
+<!-- -->
+<!-- Licensed under the Apache License, Version 2.0 (the "License"); -->
+<!-- you may not use this file except in compliance with the License. -->
+<!-- You may obtain a copy of the License at -->
+<!-- -->
+<!--      http://www.apache.org/licenses/LICENSE-2.0 -->
+<!-- -->
+<!-- Unless required by applicable law or agreed to in writing, software -->
+<!-- distributed under the License is distributed on an "AS IS" BASIS, -->
+<!-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -->
+<!-- See the License for the specific language governing permissions and -->
+<!-- limitations under the License. -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android">
+
+    <application>
+        <service
+            android:name="com.google.firebase.components.ComponentDiscoveryService"
+            android:exported="false">
+            <meta-data
+                android:name="com.google.firebase.components:com.google.firebase.appcheck.recaptchaenterprise.FirebaseAppCheckRecaptchaEnterpriseRegistrar"
+                android:value="com.google.firebase.components.ComponentRegistrar" />
+        </service>
+    </application>
+</manifest>

appcheck/firebase-appcheck-recaptchaenterprise/src/main/java/com/google/firebase/appcheck/recaptchaenterprise/FirebaseAppCheckRecaptchaEnterpriseRegistrar.java

@@ -0,0 +1,64 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.firebase.appcheck.recaptchaenterprise;
+
+import com.google.android.gms.common.annotation.KeepForSdk;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.annotations.concurrent.Blocking;
+import com.google.firebase.annotations.concurrent.Lightweight;
+import com.google.firebase.appcheck.recaptchaenterprise.internal.DaggerProviderComponent;
+import com.google.firebase.appcheck.recaptchaenterprise.internal.ProviderMultiResourceComponent;
+import com.google.firebase.components.Component;
+import com.google.firebase.components.ComponentRegistrar;
+import com.google.firebase.components.Dependency;
+import com.google.firebase.components.Qualified;
+import com.google.firebase.platforminfo.LibraryVersionComponent;
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.Executor;
+
+/**
+ * {@link ComponentRegistrar} for setting up FirebaseAppCheck reCAPTCHA Enterprise's dependency
+ * injections in Firebase Android Components.
+ *
+ * @hide
+ */
+@KeepForSdk
+public class FirebaseAppCheckRecaptchaEnterpriseRegistrar implements ComponentRegistrar {
+  private static final String LIBRARY_NAME = "fire-app-check-recaptcha-enterprise";
+
+  @Override
+  public List<Component<?>> getComponents() {
+    Qualified<Executor> liteExecutor = Qualified.qualified(Lightweight.class, Executor.class);
+    Qualified<Executor> blockingExecutor = Qualified.qualified(Blocking.class, Executor.class);
+
+    return Arrays.asList(
+        Component.builder(ProviderMultiResourceComponent.class)
+            .name(LIBRARY_NAME)
+            .add(Dependency.required(FirebaseApp.class))
+            .add(Dependency.required(liteExecutor))
+            .add(Dependency.required(blockingExecutor))
+            .factory(
+                container ->
+                    DaggerProviderComponent.builder()
+                        .setFirebaseApp(container.get(FirebaseApp.class))
+                        .setLiteExecutor(container.get(liteExecutor))
+                        .setBlockingExecutor(container.get(blockingExecutor))
+                        .build()
+                        .getMultiResourceComponent())
+            .build(),
+        LibraryVersionComponent.create(LIBRARY_NAME, BuildConfig.VERSION_NAME));
+  }
+}

appcheck/firebase-appcheck-recaptchaenterprise/src/main/java/com/google/firebase/appcheck/recaptchaenterprise/RecaptchaEnterpriseAppCheckProviderFactory.java

@@ -0,0 +1,62 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.firebase.appcheck.recaptchaenterprise;
+
+import androidx.annotation.NonNull;
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.appcheck.AppCheckProvider;
+import com.google.firebase.appcheck.AppCheckProviderFactory;
+import com.google.firebase.appcheck.FirebaseAppCheck;
+import com.google.firebase.appcheck.recaptchaenterprise.internal.ProviderMultiResourceComponent;
+import com.google.firebase.appcheck.recaptchaenterprise.internal.RecaptchaEnterpriseAppCheckProvider;
+import java.util.Objects;
+
+/**
+ * Implementation of an {@link AppCheckProviderFactory} that builds <br>
+ * {@link RecaptchaEnterpriseAppCheckProvider}s. This is the default implementation.
+ */
+public class RecaptchaEnterpriseAppCheckProviderFactory implements AppCheckProviderFactory {
+
+  private final String siteKey;
+  private volatile RecaptchaEnterpriseAppCheckProvider provider;
+
+  private RecaptchaEnterpriseAppCheckProviderFactory(@NonNull String siteKey) {
+    this.siteKey = siteKey;
+  }
+
+  /** Gets an instance of this class for installation into a {@link FirebaseAppCheck} instance. */
+  @NonNull
+  public static RecaptchaEnterpriseAppCheckProviderFactory getInstance(@NonNull String siteKey) {
+    Objects.requireNonNull(siteKey, "siteKey cannot be null");
+    return new RecaptchaEnterpriseAppCheckProviderFactory(siteKey);
+  }
+
+  @NonNull
+  @Override
+  @SuppressWarnings("FirebaseUseExplicitDependencies")
+  public AppCheckProvider create(@NonNull FirebaseApp firebaseApp) {
+    if (provider == null) {
+      synchronized (this) {
+        if (provider == null) {
+          ProviderMultiResourceComponent component =
+              firebaseApp.get(ProviderMultiResourceComponent.class);
+          provider = component.get(siteKey);
+          provider.initializeRecaptchaClient();
+        }
+      }
+    }
+    return provider;
+  }
+}

appcheck/firebase-appcheck-recaptchaenterprise/src/main/java/com/google/firebase/appcheck/recaptchaenterprise/internal/ExchangeRecaptchaEnterpriseTokenRequest.java

@@ -0,0 +1,44 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.firebase.appcheck.recaptchaenterprise.internal;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.VisibleForTesting;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+/**
+ * Client-side model of the ExchangeRecaptchaEnterpriseTokenRequest payload from the Firebase App
+ * Check Token Exchange API.
+ */
+public class ExchangeRecaptchaEnterpriseTokenRequest {
+
+  @VisibleForTesting
+  static final String RECAPTCHA_ENTERPRISE_TOKEN_KEY = "recaptchaEnterpriseToken";
+
+  private final String recaptchaEnterpriseToken;
+
+  public ExchangeRecaptchaEnterpriseTokenRequest(@NonNull String recaptchaEnterpriseToken) {
+    this.recaptchaEnterpriseToken = recaptchaEnterpriseToken;
+  }
+
+  @NonNull
+  public String toJsonString() throws JSONException {
+    JSONObject jsonObject = new JSONObject();
+    jsonObject.put(RECAPTCHA_ENTERPRISE_TOKEN_KEY, recaptchaEnterpriseToken);
+
+    return jsonObject.toString();
+  }
+}

appcheck/firebase-appcheck-recaptchaenterprise/src/main/java/com/google/firebase/appcheck/recaptchaenterprise/internal/ProviderComponent.java

@@ -0,0 +1,47 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.firebase.appcheck.recaptchaenterprise.internal;
+
+import com.google.firebase.FirebaseApp;
+import com.google.firebase.annotations.concurrent.Blocking;
+import com.google.firebase.annotations.concurrent.Lightweight;
+import dagger.BindsInstance;
+import dagger.Component;
+import dagger.Module;
+import java.util.concurrent.Executor;
+import javax.inject.Singleton;
+
+@Singleton
+@Component(modules = ProviderComponent.MainModule.class)
+public interface ProviderComponent {
+  ProviderMultiResourceComponent getMultiResourceComponent();
+
+  @Component.Builder
+  interface Builder {
+    @BindsInstance
+    Builder setFirebaseApp(FirebaseApp firebaseApp);
+
+    @BindsInstance
+    Builder setLiteExecutor(@Lightweight Executor liteExecutor);
+
+    @BindsInstance
+    Builder setBlockingExecutor(@Blocking Executor blockingExecutor);
+
+    ProviderComponent build();
+  }
+
+  @Module
+  abstract class MainModule {}
+}

appcheck/firebase-appcheck-recaptchaenterprise/src/main/java/com/google/firebase/appcheck/recaptchaenterprise/internal/ProviderMultiResourceComponent.java

@@ -0,0 +1,57 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.firebase.appcheck.recaptchaenterprise.internal;
+
+import androidx.annotation.NonNull;
+import dagger.assisted.Assisted;
+import dagger.assisted.AssistedFactory;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import javax.inject.Inject;
+import javax.inject.Singleton;
+
+/** Multi-resource container for RecaptchaEnterpriseAppCheckProvider */
+@Singleton
+public final class ProviderMultiResourceComponent {
+  private final RecaptchaEnterpriseAppCheckProviderFactory providerFactory;
+
+  private final Map<String, RecaptchaEnterpriseAppCheckProvider> instances =
+      new ConcurrentHashMap<>();
+
+  @Inject
+  ProviderMultiResourceComponent(RecaptchaEnterpriseAppCheckProviderFactory providerFactory) {
+    this.providerFactory = providerFactory;
+  }
+
+  @NonNull
+  public RecaptchaEnterpriseAppCheckProvider get(@NonNull String siteKey) {
+    RecaptchaEnterpriseAppCheckProvider provider = instances.get(siteKey);
+    if (provider == null) {
+      synchronized (instances) {
+        provider = instances.get(siteKey);
+        if (provider == null) {
+          provider = providerFactory.create(siteKey);
+          instances.put(siteKey, provider);
+        }
+      }
+    }
+    return provider;
+  }
+
+  @AssistedFactory
+  interface RecaptchaEnterpriseAppCheckProviderFactory {
+    RecaptchaEnterpriseAppCheckProvider create(@Assisted String siteKey);
+  }
+}