RecaptchaVerifier should provide access to the shared secret
I'm creating a contact form in a React app, which stores the user input in Firebase. I'd like to secure the form with a visible reCAPTCHA, and I'm trying out Firebase's built-in reCAPTCHA functionality.
firebase/auth/RecaptchaVerifier does provide a callback, which can be used to sign in a user, and documentation shows it working when signing in with a phone number. Can it be used with anonymous authentication though?
When the form is submitted, I have a server component that saves the form fields to Firestore. However, how can I verify the reCAPTCHA before committing the data to Firestore?
I feel like the server component that commits to Firestore needs to first verify the g-recaptcha-response submitted with the FormData. But doing that, using the reCAPTCHA API to verify the reCAPTCHA response, requires a secret shared between my site and the reCAPTCHA API. Can my server component handling the form submission access the shared secret that Firebase Auth automatically creates?
Some references:
https://firebase.google.com/docs/auth/web/phone-auth#set-up-the-recaptcha-verifier
https://developers.google.com/recaptcha/docs/verify
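
The server-side check the question describes, as an added example that is not part of the original post: it posts g-recaptcha-response to the siteverify endpoint from the linked reCAPTCHA docs and saves the form only when verification succeeds. It assumes the server holds a reCAPTCHA secret key matching the site key the widget uses; `verifyRecaptcha`, `handleContactForm`, `deps.save` and the `name`/`message` fields are hypothetical names.

```javascript
// Added example: verify g-recaptcha-response server-side before any Firestore write.
const SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify";

// Hypothetical helper. `fetchImpl` is injectable so the logic can run offline with a stub.
async function verifyRecaptcha(token, { secret, expectedHostname, remoteIp, fetchImpl = fetch }) {
  if (!secret) throw new Error("reCAPTCHA secret not configured");
  if (typeof token !== "string" || token.length === 0) {
    return { ok: false, reason: "missing-token" };
  }
  // siteverify takes form-encoded `secret` and `response`, plus optional `remoteip`.
  const body = new URLSearchParams({ secret, response: token });
  if (remoteIp) body.set("remoteip", remoteIp);

  let data;
  try {
    const res = await fetchImpl(SITEVERIFY_URL, { method: "POST", body });
    if (!res.ok) return { ok: false, reason: `http-${res.status}` };
    data = await res.json();
  } catch {
    // Fail closed: an unreachable verifier must not let the submission through.
    return { ok: false, reason: "verify-unreachable" };
  }
  if (data.success !== true) {
    return { ok: false, reason: (data["error-codes"] || ["rejected"]).join(",") };
  }
  // A token solved on another site is valid for the key pair only if that
  // site shares it; pin the hostname the response reports.
  if (expectedHostname && data.hostname !== expectedHostname) {
    return { ok: false, reason: "hostname-mismatch" };
  }
  return { ok: true, reason: null };
}

// Hypothetical form handler: `formData` is the submitted FormData,
// `deps.save` stands in for the Firestore write.
async function handleContactForm(formData, deps) {
  const token = formData.get("g-recaptcha-response");
  const check = await verifyRecaptcha(token, deps.recaptcha);
  if (!check.ok) return { status: 400, error: check.reason };
  await deps.save({ name: formData.get("name"), message: formData.get("message") });
  return { status: 200 };
}
```

The secret stays on the server (for example in an environment variable) and is never shipped in the React bundle; only the site key is public.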