At a Glance:
Hanko is an open-source authentication and user management solution supporting passkeys, passwords, MFA, SAML SSO, and OAuth, delivered through API-first web components and available for self-hosting or as a managed cloud service.
Overview:
Hanko is an open-source authentication and user management solution designed to be framework-agnostic and easy to integrate. It provides a backend authentication API that handles passwords, passkeys, email passcodes, OAuth SSO, and SAML SSO, alongside Hanko Elements — customizable web components for onboarding, login, and user profile interfaces. The project ships with a JavaScript SDK and is described as API-first, lightweight, and cloud-native. Organizations can self-host the backend or use the fully managed Hanko Cloud service.
Key Decision Points:
Web component integration: Hanko Elements are ready-made UI components that can be dropped into applications, useful for teams who prefer not to build custom auth UIs.
Self-hosting option: The backend can be self-hosted under AGPL-3.0, which is relevant for deployments that must keep authentication data on their own infrastructure.
Authentication method mix: Supports passwords, passkeys, email passcodes, OAuth providers (Apple, Google, GitHub, and custom OIDC/OAuth), and SAML SSO — configurable to passkey-only or OAuth-only setups.
Frontend flexibility: The API manages all auth flow states, allowing developers to build entirely custom frontend experiences using the API and SDK instead of Hanko Elements.
Work-in-progress features: Organizations, roles, permissions, and native mobile SDKs are listed as upcoming and are not yet ready; teams needing those today would need to evaluate alternatives.
Core Features:
Hanko Elements: Customizable web components providing onboarding, login, and user profile UIs.
Backend authentication API: REST API handling credential-based login, passkey ceremonies, email passcodes, OAuth, SAML SSO, user management, session management, and JWT issuance.
Passkey support: Implementation of FIDO2/WebAuthn-based passkeys for phishing-resistant authentication.
Multi-Factor Authentication (MFA): Support for TOTP and security keys as second factors.
SAML Enterprise SSO: Out-of-the-box SAML integration for connecting enterprise identity providers.
Webhooks: Event-driven hooks for reacting to authentication and user lifecycle events.
Use Cases:
Developers integrating authentication via web components: Teams can use pre-built Hanko Elements to add login and profile interfaces without building custom UI code.
Self-hosting deployments with flexible auth methods: Organizations that need to run their authentication stack on their own infrastructure while supporting multiple login methods including passkeys and SSO.
OAuth or passkey-only applications: Projects that want to restrict login to a specific method can configure Hanko for OAuth-only or passkey-only flows.
Open-Source Alternative Value:
Hanko provides a self-hostable authentication backend under AGPL-3.0, allowing developers to deploy and operate the auth layer on their own infrastructure. The frontend-facing parts — Hanko Elements and the JavaScript SDK — are MIT-licensed. Developers can use the pre-built web components for rapid integration or build fully custom UIs using the API and frontend SDK. The availability of the source code and self-hosting option makes Hanko relevant for projects evaluating alternatives to managed auth providers.




