Introducing the Hanko JavaScript Frontend SDK

Using the Hanko API has now become much easier with the introduction of our frontend SDK. The most common use cases (for now) are retrieving information about or creating a(nother) passkey for the authenticated user.

We also updated the Hanko Web Component (hanko-auth element) and the example app to make use of the new SDK. The example app also got a "Create a passkey" button to the /secured page to allow authenticated users creating additional passkeys.

Our packages are available on npm:

• hanko-frontend-sdk
• hanko-elements

What's more

Our OpenAPI specification has been reworked from scratch and is now on par with the backend.

‍

For more details about this release see the full changelog on GitHub.

Aka The Compatibility Patch.

After our initial release about a month ago, we've been coding through the heat wave and made sure to fix a handful of issues. We were able to make some important steps to give the Hanko login experience a good polish. Here are some highlights:

<hanko-auth>

• The default design of hanko-auth element is now a bit more neutral and we removed most width and height default settings to make it more responsive for seamless integration into different layouts
• Entering an email address now also triggers the WebAuthn / passkey login flow if the associated account has a credential
• Disabled the passkey button on Android, as passkeys (i.e., discoverable credentials / empty allowCredentials lists) are not yet supported on Android; WebAuthn logins can still be triggered by entering an email that has registered a credential before

Hanko API

• Added support for cross-domain cookies to allow backend and frontend to be hosted on different domains
• WebAuthn `transports = "internal"` is currently broken on Android and Windows, so we removed transports from all login requests; this results in the option "Security Keys" being shown in some login scenarios, even if the credential was created with a platform authenticator; we'll revisit this when the authenticators on Android and Windows got better passkey support
• Worked around an issue with Safari on iOS 15 and macOS Monterey where the WebAuthn login could only be initiated once per page reload

Other

• Docker Compose / Quickstart now works properly on M1 macs

Contributors

• @SojinSamuel made their first contribution to this project. Thank you!
• @SimoMay contributed to v0.1.0, but we forgot to mention it. Sorry & big thanks to you!

‍

It's been 4 months since we've started building Hanko open source and today we're happy to announce the initial beta release of the project on GitHub.

The timing couldn't be better, as Apple's passkey implementations will soon be available for everyone to test in the public beta versions of iOS 16 and macOS 13. It's a fascinating experience to see the first true evolutionary step in user authentication in action. Of course, Hanko's passwordless authentication also works on all current live platforms (iOS, macOS, Android, Windows), just without the full passkey support that will be available on our devices later this year.

Head over to GitHub now and give Hanko a try, we'd love to hear your feedback.

What's new

Hanko's code has been available on GitHub since day 1 of development. We've been adding new features almost daily, and today we reached our biggest milestone yet: the first beta release. Here's what we've added since the last announcement a few weeks ago and what completes the project:

• UI customization: The last missing piece for the first version of Hanko was UI customization. While we made sure the Hanko login box looked good without any additional styling, our goal was for Hanko to fit seamlessly into any website and brand. Customers want their login to feel native, it should blend well with the rest of the site. This is now possible thanks to the extensive customization options we've added to the Hanko web component, which is delivered as part of our frontend library.
• Hanko-elements published on npm: Besides the minimalistic passkey authentication API, a key feature of Hanko is the <hanko-auth> element, which brings a full user interface, gives your users a modern login and registration experience, and can be integrated into any website with just two lines of code. We have now released the first version of hanko-elements on npm to make building with Hanko as easy as possible.
• E2E testing: Delivering stable code is a priority for us, so we put a lot of effort into setting up end-to-end testing. We use Playwright for this and are very happy with the results. The tests are already integrated into our build pipeline on GitHub, and we have put together a short guide on how to run the tests locally.

How to get started

Just follow the Getting Started guide in the project's readme to get your passkey-enabled login example app up and running locally with Docker Compose in just a few minutes.

Get involved

We'd love to get to know you and hear your feedback, so we invite you to join our growing Hanko Community on Slack and be a part of the passkey revolution.

Following some productive weeks, today we announce the first functional Alpha release of Hanko open source on GitHub.

What's already working

The Hanko open source project packs Hanko API including our FIDO-certified WebAuthn endpoints and hanko-js, a web component that can be integrated into any website with just two lines of code.

• Registration and login flows with and without passwords
• Passkey authentication
• Passcodes, a convenient way to recover account access and verify email addresses
• Multi-language support (English and German for now)
• JWT issuing
• Admin API

How to get started

Just follow the Getting Started guide in the project's readme to get your passkey-enabled login example app up and running locally with Docker Compose in just a few minutes.

Get involved

We'd love to get to know you and hear your feedback, so we invite you to join our growing Hanko Community on Slack and be a part of the passkey revolution.

We started working on the Hanko open source project and are heads-down building the authentication solution for the next generation of web and mobile app projects.

Move to the passwordless future – but with today's users

When Apple, Google, and Microsoft recently presented their visions of a passwordless future, the login experiences they showed in their live demos is exactly how we are building Hanko. A typical password login is still possible, but the UI is pointing users towards passwordless authentication with passkeys, powered by FIDO2 and WebAuthn. This future-proof login experience is what you get with Hanko out-of-the-box.

Follow the progress

We are building Hanko in public, you can follow our progress on GitHub. and let us know what you think on Twitter or in our Slack community. In a few weeks, we'll start posting milestones and a public roadmap.