I was wondering if anybody has done it already. I think it would be a nice addition to the authorization policies. If the reCaptcha is successful - you are authorized to access the requested resource. If reCaptcha fails - Access Forbidden. Any ideas how to do it?