August 8, 2024
Hanko Cloud
Hanko
Hanko Elements

Hanko 1.0: Flow API

We are excited to release Hanko 1.0 today. After two years in beta, Hanko 1.0 is more user-friendly, more customizable, and more mature than any previous release in almost all areas, and the 1.0 version number now reflects that.

Highlights

Options, options, options

  • Identifiers and auth methods can be enabled individually and freely combined, no more implicit settings
  • Optional passwords that can be deleted by the user, i.e. give users the choice to select a password or a passkey as their preferred authentication method
  • Smooth migration of existing users, e.g. transition from a password-based system to passkeys, without overburdening all users at once

Usernames

  • Usernames are now supported as identifiers, in addition to email addresses
  • Emails and usernames can also be used simultaneously

Privacy

  • Configurations that use the email identifier and require email verification now effectively prevent email enumeration, enabling a fully privacy-preserving implementation of login and registration
  • A setting to disable "privacy mode" for situations where explicit feedback to the user is preferred (e.g. "An account using this email address already exists.") is planned for a future release

Dedicated login and registration flows

  • Login and registration flows have been separated to present only relevant actions to the user, e.g. "Sign in with a passkey" makes no sense for a user who wants to register a new account
  • Introducing new elements <hanko-login> and <hanko-registration> that can be placed on separate pages, e.g. /login and /registration
  • Combined <hanko-auth> element is still available, allowing users to toggle between login and registration on the same page

Introducing the all-new Flow API

This version contains a new API, which we call the Flow API (#1532). With the previous RESTful API of the Hanko backend, extending Hanko's functionality had become very complex. This was mainly because most of the state handling was done in Hanko Elements and each endpoint had to be called in a specific order to work properly. The Flow API moves this complexity entirely into the backend, which lets us develop the Hanko system faster than ever before.

  • This 1.0 release includes the Flow API as well as the completely redesigned Hanko Elements to match the Flow API
  • Flow API consists of three new endpoints: /registration, /login, and /profile
  • A number of new email templates have been introduced to provide better context for users
  • Old API endpoints handling login and registration will be deprecated, but will continue to work for the foreseeable future to allow a smooth transition to the Flow API
  • A frontend SDK and documentation for the creation of custom frontends for the Flow API will follow shortly

Migration

When migrating your application to the new Hanko 1.0 Elements, be aware of the following changes: 

  • onAuthFlowCompleted events have been removed (use onSessionCreated instead)
  • onSessionCreated contains the session JWT, but not the user ID anymore
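
An added example (not code from the Hanko project) of how a handler that used to read the user ID from the event can recover it from the session JWT instead. It assumes the event detail exposes the token as `detail.jwt` and that the user ID is carried in the standard `sub` claim; the function names and the sample token are constructed for illustration.

```javascript
// Added example, not Hanko project code.
// Assumptions: the event detail exposes the token as `detail.jwt`, and the
// session JWT carries the user ID in the standard `sub` claim.

function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Decodes the payload WITHOUT verifying the signature: fine for display
// logic in the browser, never a basis for authorization decisions.
function claimsFromSessionJwt(jwt) {
  const parts = typeof jwt === "string" ? jwt.split(".") : [];
  if (parts.length !== 3) throw new Error("not a compact JWT");
  let claims;
  try {
    claims = JSON.parse(base64UrlDecode(parts[1]));
  } catch {
    throw new Error("JWT payload is not valid base64url JSON");
  }
  if (!claims || typeof claims.sub !== "string" || claims.sub === "") {
    throw new Error("JWT has no usable sub claim");
  }
  return claims;
}

// Replacement for code that used to read the user ID from the event itself.
function handleSessionCreated(detail, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = claimsFromSessionJwt(detail.jwt);
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) {
    throw new Error("session JWT is already expired");
  }
  return { userId: claims.sub, expiresAt: claims.exp ?? null };
}

// Constructed sample token with a placeholder signature, for offline runs.
function makeSampleJwt(payload) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.c2lnbmF0dXJl`;
}

const sample = makeSampleJwt({ sub: "constructed-user-id-123", exp: 2000000000 });
console.log(handleSessionCreated({ jwt: sample }, 1723100000));
```

The decoded user ID is suitable for client-side UI state only; any backend that acts on it should verify the JWT signature itself and read `sub` from the verified token.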

For the self-hosting migration guide see the release notes on GitHub.