We've updated Hanko Cloud with the following changes:
Check out the new features by signing in to your Hanko Cloud account.
For this release, we focused on making smaller improvements and fixing things. The highlights are:
Full Changelog: backend/v0.5.0...backend/v0.6.0
All Hanko Cloud projects will be automatically updated to v0.6.0 later this week.
Today, we've updated Hanko Cloud with the following changes:
Check out the new features by signing in to your Hanko Cloud account.
.svg)
The leading feature of this release is support for 3rd-party identity providers, starting with Google and GitHub. Coming up next, Sign in with Apple is already in the making, and support for Microsoft accounts will follow shortly after. We've built the OAuth components in a modular way so that support for even more identity providers (e.g. Twitter, Facebook, Slack) can be added quickly by us or external contributors if there's demand for it.
During the first months of working on Hanko, we focused our efforts towards establishing a fully usable, production-ready authentication stack that is built for passkeys. With this now in place, we're able to combine the new and exciting passkey login flows with today's most popular authentication methods, i.e., "social logins".
Even with passkeys now broadly supported on all ecosystems, we think that offering sign up and login options for popular 3rd-party identity providers still makes sense, especially to convert new users quickly by allowing them to skip the "enter your email" and email verification steps. After a successful sign in with e.g. Google, users will be presented with the option to create a passkey for the app where Hanko is integrated, which can then be used for subsequent logins that no longer need to (but still can) be done through the 3rd-party.
We've updated the example apps to use the latest hanko-elements version and added the hanko-profile element to each example.
Thanks to @irby, we now have support for the logout flow in hanko-frontend-sdk, making Hanko's integration even simpler.
Full Changelog: v0.4.0...backend/v0.5.0
All Hanko Cloud projects have been updated to v0.5.0.
We've updated Hanko Cloud with the following changes:
Check out the new features by signing in to your Hanko Cloud account.
The following new features are now available for Hanko Cloud admins:
Check out the new features by signing in to your Hanko Cloud account.
This release introduces the new Hanko profile custom element and basic rate limiting.
In addition to <hanko-auth>, hanko-elements now also contains <hanko-profile>, a profile page that can be integrated into your app and fully customized with CSS. The profile supports email and credential management, allowing your users to change their email address, their password (if enabled), and manage their passkeys.
You can check out the new <hanko-profile> on example.hanko.io. We'd love to hear your thoughts.
Note: The import path for the elements package has been changed. See elements readme for more information. To use <hanko-profile>, you need the latest version of the hanko-elements (v0.1.1-alpha) and Hanko backend v0.4.0.
This version also introduces basic rate limiting to Hanko to protect endpoints from scripted / DoS attacks. The rate limiter supports both in-memory and Redis configurations and uses a combination of user ID and IP address. (See docs).
Hanko backend API now has endpoints to manage passkeys. Used by the new profile element, the new credentials API allows you to get a list of the user's passkeys, and individually rename and delete passkeys. (See docs).
Search endpoints are now available for users and events, preceding the upcoming release of the corresponding search features in Hanko Cloud. (See docs).
Full Changelog: v0.3.2...v0.4.0
All Hanko Cloud projects have been updated to v0.4.0 on Feb 3, 2023.
Adding support for native Android and iOS apps and bringing Hanko to Svelte.
Developers can now use Hanko for authentication when building native apps for Android and iOS. Since passkeys can also be used in native apps, this enables a seamless user experiences across websites and native apps.
To make this work, we had to add support for multiple WebAuthn origins to Hanko backend. Passkeys are always bound to an "origin", and in most cases that is a domain. However, unlike websites and iOS apps, an Android app identifies itself with its APK hash during the WebAuthn ceremonies required to use passkeys. This APK hash can now be added to the list of allowed origins in the Hanko backend config.
We will also release a first draft of a sample app for Android very soon to provide guidance on building native app authentication with passkeys using Hanko.
A small bug in the library we're using for our web components prevented Hanko to work with Svelte apps. Until now. The integration guide can be found at https://docs.hanko.io/guides/svelte.
Full Changelog: v0.3.1...v0.3.2
The main feature of this release is the support for hardware security keys on passkey creation.
Until now, we allowed passkeys to be created only on platform authenticators (Touch ID, Face ID, Windows Hello..., i.e., the device you're browsing on) to keep things simple. Roaming authenticators, most commonly known as security keys, were not supported by Hanko so far. But with this release, we removed all restrictions regarding the authenticator types. It is perfectly fine to store a passkey on a physical security key, and now you can do that with Hanko.
One thing to be aware of is that most security keys only support storing a limited number of passkeys that can be as low as 25 in some cases.
This change also improves the passkey creation UI in Chromium browsers where it's now possible to store the passkey on your phone through the QR code flow – which was only working in Safari before.
Thanks to @hilli our docker builds now support other platforms than X86, namely AMD64 and ARM64. That's awesome!
Full Changelog: v0.3.0...v0.3.1
The main features of this release are support for Conditional UI and an audit log system.
Hanko's login box now supports Conditional UI, aka passkey autofill. In supported browsers, the "Sign in with a passkey" button is no longer required, and instead a passkey autofill UI is displayed when the user clicks or taps on the username input. Passkey autofill lists all available passkeys and is much less intrusive or misleading than the extra button that may or may not work for users that don't have any passkey yet. You can test passkey autofill today by spinning up a local Hanko example. We will also update passkeys.io in the next few days. Browsers that already support conditional UI are:
We've added a new feature to Hanko backend to collect audit logs and an API to access the logs. The focus here is on user actions (e.g., login attempt, passkey creation, password changed).
For more details about this release see full changelog on GitHub.
Stay up-to-date with the latest releases, new features, and bug fixes.
