Google reCAPTCHA Enterprise not Blocking Automated Requests with Puppeteer

I have built a website that utilizes Google reCAPTCHA Enterprise to protect against automated bot attacks. However, I have encountered a situation where my automation script, developed using Puppeteer, is able to successfully bypass the reCAPTCHA challenge and proceed with form submissions. Surprisingly, the reCAPTCHA score I receive is 0.8, indicating a good score. I am perplexed as to why my script is not being blocked as expected.

Here is how my backend checks the reCAPTCHA token:

const { RecaptchaEnterpriseServiceClient } = require('@google-cloud/recaptcha-enterprise');

// Creates an assessment for the token sent by the client and returns its score.
async function createAssessment({ projectID, recaptchaKey, token, recaptchaAction }) {
    const client = new RecaptchaEnterpriseServiceClient();
    const projectPath = client.projectPath(projectID);
    const target_event = {
        'token': token,
        siteKey: recaptchaKey
    };

    const request = {
        assessment: {
            event: target_event
        },
        parent: projectPath,
    };

    console.log('Creating assessment...');
    const [response] = await client.createAssessment(request);
    console.log('Assessment created.');

    // Reject tokens that are malformed, expired or already used.
    if (!response.tokenProperties.valid) {
        console.log(`The CreateAssessment call failed because the token was: ${response.tokenProperties.invalidReason}`);
        return { score: null, failReason: response.tokenProperties.invalidReason };
    }

    // Only score tokens that were issued for the expected action.
    if (response.tokenProperties.action === recaptchaAction) {
        console.log(`The reCAPTCHA score is: ${response.riskAnalysis.score}`);
        response.riskAnalysis.reasons.forEach((reason) => {
            console.log(reason);
        });

        return { score: response.riskAnalysis.score, failReason: null };
    } else {
        console.log("The action attribute in your reCAPTCHA tag does not match the action you are expecting to score");
        return { score: null, failReason: "The action attribute in your reCAPTCHA tag does not match the action you are expecting to score" };
    }
}

The automation script is like this:

const puppeteer = require('puppeteer');

async function run() {
    const browser = await puppeteer.launch({ headless: true });
    const page = await browser.newPage();
    for (let i = 1; i <= 50; i++) {
        try {
            console.log(`Processing iteration ${i}`);

            // Navigate to the website
            console.log(`Iteration ${i}: Navigating to the website`);
            await page.goto('https://my-domain.com/');

            // Enter the username
            console.log(`Iteration ${i}: Entering the username`);
            await page.type('input[name="login"]', `autotester ${i}`);

            // Enter the password
            console.log(`Iteration ${i}: Entering the password`);
            await page.type('input[name="password"]', 'autotesterpassword');

            // Click the submit button
            console.log(`Iteration ${i}: Clicking the submit button`);
            await page.click('button[type="submit"]');

            // Wait for the page to load after submitting the form
            console.log(`Iteration ${i}: Waiting for the page to load`);
            await page.waitForSelector('#loadingDialog', { hidden: true });

            // Take a screenshot or perform further actions if needed
            console.log(`Iteration ${i}: Taking a screenshot`);
            await page.screenshot({ path: `screenshot_${i}.png` });

            console.log(`Iteration ${i} completed successfully`);
        } catch (error) {
            console.error(`Error occurred in iteration ${i}:`, error);
        }
    }

    // Close the browser
    await browser.close();
}

run().catch(error => console.error(error));

I would like to seek the community's expertise in understanding why Google reCAPTCHA Enterprise might fail to block automated requests in certain scenarios, especially when using Puppeteer.

Any insights or guidance on this issue would be greatly appreciated. Thank you!

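The backend function in the question returns the score and logs the reason codes; acting on them is a separate step. The following is an added example, not part of the original question or the asker's code, of a policy function that turns an assessment into an allow/challenge/deny verdict. The thresholds, the `login` action name, the reason groupings and the assumption that reason codes arrive as enum name strings are illustrative.

```javascript
// Added example, not the asker's code: turns an assessment into a decision.
// Thresholds, hostname and reason groupings are assumptions to tune per site.
const POLICY = {
  hostname: 'my-domain.com',   // host the form is served from (from the question)
  allowAt: 0.7,                // assumed: score >= this is allowed
  challengeAt: 0.3,            // assumed: score >= this gets a step-up check
  denyReasons: new Set(['AUTOMATION', 'UNEXPECTED_ENVIRONMENT']),
  challengeReasons: new Set(['TOO_MUCH_TRAFFIC', 'UNEXPECTED_USAGE_PATTERNS', 'LOW_CONFIDENCE_SCORE']),
};

function decide(assessment, expectedAction, policy = POLICY) {
  const tp = (assessment && assessment.tokenProperties) || {};
  const ra = (assessment && assessment.riskAnalysis) || {};
  const deny = (why) => ({ verdict: 'deny', why });

  // Token-level checks: a token minted for another action or host is rejected.
  if (!tp.valid) return deny(`invalid token: ${tp.invalidReason || 'unknown'}`);
  if (tp.action !== expectedAction) return deny('action mismatch');
  if (tp.hostname !== policy.hostname) return deny('hostname mismatch');
  if (typeof ra.score !== 'number') return deny('no score');

  // Reason codes are assumed to arrive as enum name strings.
  const reasons = (ra.reasons || []).map(String);
  const hit = (set) => reasons.find((r) => set.has(r));
  const denyHit = hit(policy.denyReasons);
  if (denyHit) return deny(`reason ${denyHit}`);

  if (ra.score < policy.challengeAt) return deny(`score ${ra.score}`);
  if (ra.score < policy.allowAt || hit(policy.challengeReasons)) {
    return { verdict: 'challenge', why: hit(policy.challengeReasons) || `score ${ra.score}` };
  }
  return { verdict: 'allow', why: `score ${ra.score}` };
}

// Constructed sample assessments (not real API output).
const base = { valid: true, action: 'login', hostname: 'my-domain.com' };
const samples = {
  clean: { tokenProperties: base, riskAnalysis: { score: 0.8, reasons: [] } },
  flagged: { tokenProperties: base, riskAnalysis: { score: 0.8, reasons: ['AUTOMATION'] } },
  busy: { tokenProperties: base, riskAnalysis: { score: 0.8, reasons: ['TOO_MUCH_TRAFFIC'] } },
  low: { tokenProperties: base, riskAnalysis: { score: 0.1, reasons: [] } },
  wrongAction: { tokenProperties: { ...base, action: 'signup' }, riskAnalysis: { score: 0.9, reasons: [] } },
};
for (const [name, a] of Object.entries(samples)) console.log(name, decide(a, 'login'));
```

A score of 0.8 with no reason codes passes this policy, so a check like this complements rather than replaces server-side limits on repeated submissions.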