This article will explain how the Google score may be determined with Bot detection logs enabled while using reCaptcha Enterprise with the checkbox challenge in our GCP enabled. See below for an example of the logs:
 

{
"date": "2023-05-12T12:03:13.993Z",
"type": "pla",
"description": "Pre-login risk assessment",
"connection_id": "",
"client_id": "redacted",
"client_name": "acmeapp",
"ip": "redacted",
"user_agent": "Chrome 113.0.0 / Mac OS X 10.15.7",
"details": {
"ipOnAllowlist": false,
"requiresVerification": false,
"session_id": "7W..redacted"
},
"hostname": "redacted",
"user_id": "",
"user_name": "",
"log_id": "90020230512120314533532000000000000001223372043103668373",
"_id": "90020230512120314533532000000000000001223372043103668373",
"isMobile": false,
"id": "90020230512120314533532000000000000001223372043103668373"
}

• Bot Detection
• reCaptcha Enterprise
• Google Score

Google reCAPTCHA has a two-stage risk assessment. The Auth0 bot detection decides if the reCAPTCHA should be shown at all, and then the reCAPTCHA assesses how difficult of a challenge to present once it is rendered. For the second part, Auth0 does not have control over when Google shows the checkbox or captcha tiles.