We've updated Hanko Cloud with the following changes:
Check out the new features by signing in to your Hanko Cloud account.
The following new features are now available for Hanko Cloud admins:
Check out the new features by signing in to your Hanko Cloud account.
This release introduces the new Hanko profile custom element and basic rate limiting.
In addition to <hanko-auth>, hanko-elements now also contains <hanko-profile>, a profile page that can be integrated into your app and fully customized with CSS. The profile supports email and credential management, allowing your users to change their email address, their password (if enabled), and manage their passkeys.
You can check out the new <hanko-profile> on example.hanko.io. We'd love to hear your thoughts.
Note: The import path for the elements package has been changed. See elements readme for more information. To use <hanko-profile>, you need the latest version of the hanko-elements (v0.1.1-alpha) and Hanko backend v0.4.0.
This version also introduces basic rate limiting to Hanko to protect endpoints from scripted / DoS attacks. The rate limiter supports both in-memory and Redis configurations and uses a combination of user ID and IP address. (See docs).
Hanko backend API now has endpoints to manage passkeys. Used by the new profile element, the new credentials API allows you to get a list of the user's passkeys, and individually rename and delete passkeys. (See docs).
Search endpoints are now available for users and events, preceding the upcoming release of the corresponding search features in Hanko Cloud. (See docs).
Full Changelog: v0.3.2...v0.4.0
All Hanko Cloud projects have been updated to v0.4.0 on Feb 3, 2023.
Adding support for native Android and iOS apps and bringing Hanko to Svelte.
Developers can now use Hanko for authentication when building native apps for Android and iOS. Since passkeys can also be used in native apps, this enables a seamless user experiences across websites and native apps.
To make this work, we had to add support for multiple WebAuthn origins to Hanko backend. Passkeys are always bound to an "origin", and in most cases that is a domain. However, unlike websites and iOS apps, an Android app identifies itself with its APK hash during the WebAuthn ceremonies required to use passkeys. This APK hash can now be added to the list of allowed origins in the Hanko backend config.
We will also release a first draft of a sample app for Android very soon to provide guidance on building native app authentication with passkeys using Hanko.
A small bug in the library we're using for our web components prevented Hanko to work with Svelte apps. Until now. The integration guide can be found at https://docs.hanko.io/guides/svelte.
Full Changelog: v0.3.1...v0.3.2
The main feature of this release is the support for hardware security keys on passkey creation.
Until now, we allowed passkeys to be created only on platform authenticators (Touch ID, Face ID, Windows Hello..., i.e., the device you're browsing on) to keep things simple. Roaming authenticators, most commonly known as security keys, were not supported by Hanko so far. But with this release, we removed all restrictions regarding the authenticator types. It is perfectly fine to store a passkey on a physical security key, and now you can do that with Hanko.
One thing to be aware of is that most security keys only support storing a limited number of passkeys that can be as low as 25 in some cases.
This change also improves the passkey creation UI in Chromium browsers where it's now possible to store the passkey on your phone through the QR code flow – which was only working in Safari before.
Thanks to @hilli our docker builds now support other platforms than X86, namely AMD64 and ARM64. That's awesome!
Full Changelog: v0.3.0...v0.3.1
The main features of this release are support for Conditional UI and an audit log system.
Hanko's login box now supports Conditional UI, aka passkey autofill. In supported browsers, the "Sign in with a passkey" button is no longer required, and instead a passkey autofill UI is displayed when the user clicks or taps on the username input. Passkey autofill lists all available passkeys and is much less intrusive or misleading than the extra button that may or may not work for users that don't have any passkey yet. You can test passkey autofill today by spinning up a local Hanko example. We will also update passkeys.io in the next few days. Browsers that already support conditional UI are:
We've added a new feature to Hanko backend to collect audit logs and an API to access the logs. The focus here is on user actions (e.g., login attempt, passkey creation, password changed).
For more details about this release see full changelog on GitHub.
Using the Hanko API has now become much easier with the introduction of our frontend SDK. The most common use cases (for now) are retrieving information about or creating a(nother) passkey for the authenticated user.
We also updated the Hanko Web Component (hanko-auth element) and the example app to make use of the new SDK. The example app also got a "Create a passkey" button to the /secured page to allow authenticated users creating additional passkeys.
Our packages are available on npm:
Our OpenAPI specification has been reworked from scratch and is now on par with the backend.
For more details about this release see the full changelog on GitHub.
Aka The Compatibility Patch.
After our initial release about a month ago, we've been coding through the heat wave and made sure to fix a handful of issues. We were able to make some important steps to give the Hanko login experience a good polish. Here are some highlights:
It's been 4 months since we've started building Hanko open source and today we're happy to announce the initial beta release of the project on GitHub.
The timing couldn't be better, as Apple's passkey implementations will soon be available for everyone to test in the public beta versions of iOS 16 and macOS 13. It's a fascinating experience to see the first true evolutionary step in user authentication in action. Of course, Hanko's passwordless authentication also works on all current live platforms (iOS, macOS, Android, Windows), just without the full passkey support that will be available on our devices later this year.
Head over to GitHub now and give Hanko a try, we'd love to hear your feedback.
Hanko's code has been available on GitHub since day 1 of development. We've been adding new features almost daily, and today we reached our biggest milestone yet: the first beta release. Here's what we've added since the last announcement a few weeks ago and what completes the project:
Just follow the Getting Started guide in the project's readme to get your passkey-enabled login example app up and running locally with Docker Compose in just a few minutes.
We'd love to get to know you and hear your feedback, so we invite you to join our growing Hanko Community on Slack and be a part of the passkey revolution.
Following some productive weeks, today we announce the first functional Alpha release of Hanko open source on GitHub.
The Hanko open source project packs Hanko API including our FIDO-certified WebAuthn endpoints and hanko-js, a web component that can be integrated into any website with just two lines of code.
Just follow the Getting Started guide in the project's readme to get your passkey-enabled login example app up and running locally with Docker Compose in just a few minutes.
We'd love to get to know you and hear your feedback, so we invite you to join our growing Hanko Community on Slack and be a part of the passkey revolution.
Stay up-to-date with the latest releases, new features, and bug fixes.
