Hanko is an open source authentication and user management solution designed as a privacy-first alternative to proprietary services like Auth0, Clerk, and Stytch. Built in Go and structured as an API-first system, it enables developers to implement modern authentication methods—including passkeys (WebAuthn/FIDO2), passwords, MFA, OAuth SSO, and SAML—without relying on third-party cloud vendors. Hanko supports both self-hosting and managed deployment via Hanko Cloud, giving teams full control over user data while maintaining scalability and compliance. It’s ideal for engineering teams building applications that demand secure, phishing-resistant authentication with full data sovereignty.
The system is modular, consisting of a backend API, frontend web components (Hanko Elements), and JavaScript SDKs. Its architecture is optimized for cloud-native deployment, with Docker support and clear separation between authentication logic and UI layers. Whether you’re building a SaaS product, enterprise application, or mobile-enabled service, Hanko provides the primitives to implement secure user onboarding and session management without reinventing the wheel.
What You Get
- Passwordless authentication with passkeys - Supports FIDO2/WebAuthn for secure, phishing-resistant login using biometrics or security keys without passwords.
- Multi-factor authentication (MFA) - Enables TOTP and hardware security key-based second factors for enhanced account protection.
- OAuth SSO integration - Built-in support for Sign in with Apple, Google, GitHub, and custom OAuth providers to streamline user onboarding.
- SAML Enterprise SSO - Full SAML 2.0 support for integrating with identity providers like Okta, Azure AD, or OneLogin in enterprise environments.
- Hanko Elements web components - Pre-built, CSS-customizable UI components (<hanko-login>, <hanko-profile>) that handle login, registration, and profile management out of the box.
- Server-side sessions with remote revocation - Manages JWT-based sessions server-side and allows immediate session termination across devices.
- Custom OIDC/OAuth connections - Configure your own OAuth2/OpenID Connect identity providers beyond the built-in ones.
- i18n and custom translations - Translate all UI elements and messages to support global user bases without code changes.
- JavaScript SDK - Official frontend SDK (@teamhanko/hanko-frontend-sdk) to interact with the Hanko API directly for custom UI implementations.
- Webhooks - Receive real-time events (user signup, login, session revocation) to trigger internal workflows or notify systems.
Common Use Cases
- Building a passwordless SaaS dashboard - A startup wants to eliminate passwords to reduce support costs and phishing risks; uses Hanko’s passkeys and email passcodes with Hanko Elements to deliver a seamless login experience.
- Implementing enterprise SSO for compliance - A healthcare company needs to comply with HIPAA and requires SAML-based authentication; uses Hanko’s SAML SSO integration to connect with their existing Azure AD identity provider.
- Developing a mobile-first app with secure auth - A fintech team needs to authenticate users across web and mobile platforms; uses Hanko’s API and JS SDK to build a unified auth flow with passkey support on iOS/Android via WebAuthn.
- DevOps teams managing multi-cloud auth - A team deploying services across AWS and GCP uses Hanko’s self-hosted backend to maintain consistent authentication policies without vendor lock-in, with Docker-based deployment for reproducibility.
Under The Hood
The Hanko project is a modular authentication platform designed to provide comprehensive identity management capabilities for modern web applications. It combines backend services with frontend UI components, offering a unified solution that supports multiple authentication methods and providers. The system emphasizes extensibility, configuration-driven behavior, and secure handling of user credentials.
Architecture
Hanko follows a monolithic architecture with a strong focus on modularity and separation of concerns.
- The backend is structured around distinct modules for configuration, cryptography, API handling, and external integrations
- Clear design patterns such as dependency injection and configuration-driven behavior are consistently applied
- The system supports flexible authentication flows through well-defined service boundaries
Tech Stack
The project leverages Go for its backend services and modern frontend frameworks for user interfaces.
- The core backend is built in Go with extensive CLI support and configuration-based behavior
- Key dependencies include webauthn for passkey support, Redis for rate limiting, and SMTP for email delivery
- Docker and Skaffold are used for containerization and deployment orchestration, with Go modules managing dependencies
- Playwright is employed for end-to-end testing, complemented by unit and integration tests across components
Code Quality
The codebase reflects a mature approach to testing and error handling, with some inconsistencies.
- Comprehensive test coverage includes integration, functional, and end-to-end testing strategies
- Error handling is present but varies in consistency across different modules
- Code style and naming conventions are mostly consistent, though some technical debt remains in test infrastructure
- Linting and CI/CD pipelines are configured to support code quality standards
What Makes It Unique
Hanko distinguishes itself through its modular and extensible approach to authentication.
- Its unified admin and user APIs provide consistent management of diverse credential types like password, passcode, and webauthn
- The configuration-driven design enables fine-grained control over authentication policies without requiring code changes
- Built-in support for enterprise-grade features such as JWT signing and webhook integrations enhances flexibility
- Extensive third-party provider integration capabilities, including SAML and OAuth, make it adaptable to various deployment needs