Overview:
Hanko is an open source authentication and user management solution built on privacy-first principles, including data minimalism and phishing resistance. It supports modern authentication methods such as passwords, passkeys, MFA, social logins, and SAML SSO. The project is API-first, cloud-native, and integrates easily via web components called Hanko Elements. It is designed for developers building login and onboarding flows across frameworks, with flexible configurations like passkey-only or OAuth-only setups. Hanko is available for self-hosting or as a managed service via Hanko Cloud.
Core Features:
Flexible authentication support: Offers passwords, passcodes, passkeys, TOTP MFA, security keys, OAuth SSO (Apple, Google, GitHub, and more), and SAML Enterprise SSO.
Hanko Elements web components: Customizable, CSS-stylable web components for onboarding, login, and user profile functionality.
API-first architecture: A lightweight authentication API handling passwords, passkeys, email passcodes, OAuth SSO, user and session management, and JWT issuing.
Server-side sessions & remote session revocation: Supports session management with the ability to revoke sessions remotely.
Webhooks & custom OIDC/OAuth connections: Allows integration with external services and custom identity providers.
i18n & custom translations: Supports internationalization with custom translations for the user interface.
Use Cases:
Developers building a sign-up, login, or user profile UI without building their own authentication backend from scratch.
Projects that need self-hosted authentication with support for multiple methods, including passkeys, MFA, and social logins.
Organizations requiring SAML-based single sign-on (SSO) for enterprise identity provider integration.
Engineers integrating authentication into different frontend frameworks using client-side JS SDKs or web components.
Why It Matters:
Hanko provides a self-hostable authentication backend with a modular frontend setup via web components, allowing developers to avoid lock-in to a proprietary auth provider. The API-first design supports custom frontend implementations, while the inclusion of passkeys, TOTP, security keys, and SAML SSO reduces the need to integrate multiple authentication services. Its AGPL-3.0 license (with commercial licensing available) and support for self-hosting give teams full control over user data and session management.
