v0.10: Webhooks, Account Linking, Passkey Names

This release contains some highly requested new features:

Webhooks

It is now possible to configure webhooks. For now, subscribable events are limited to changes to user accounts. More information here.

3rd-party Account Linking

Automatic account linking can now be activated for individual 3rd-party OAuth connections. This allows for existing accounts to be accessed with 3rd-party connections like Sign in with Google when using the same email address, and vice versa.

Improved Passkey Naming

When a new passkey is created, the original passkey name displayed in the list of passkeys in the user profile is generated by Hanko Backend. Previously, all passkey names looked like "Passkeys-ABCDE", where "ABCDE" was the last characters of the random credential ID. From now on, the passkey names are based on the available information about the authenticator used to create the passkey, e.g. "iCloud Keychain", "Windows Hello" or "1Password", which improves the usability of the passkey list in the user profile.

What's Changed

• feat:add passcode.zh-CN.yaml for support chinese by @zhaoyii in #1219
• chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.16.0 in /backend by @dependabot in #1225
• chore(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 in /backend by @dependabot in #1226
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.24.0 to 6.25.0 in /backend by @dependabot in #1227
• feat(i18n): add italian translations by @riccardoperra in #1228
• Fixed typo by @FlxMgdnz in #1238
• chore(deps): bump github.com/go-webauthn/webauthn from 0.9.1 to 0.9.2 in /backend by @dependabot in #1232
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.25.0 to 6.26.0 in /backend by @dependabot in #1248
• chore(deps): bump github.com/nicksnyder/go-i18n/v2 from 2.2.2 to 2.3.0 in /backend by @dependabot in #1246
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.17 to 2.0.18 in /backend by @dependabot in #1243
• chore(deps-dev): bump vite from 4.4.9 to 4.4.12 in /frontend by @dependabot in #1247
• chore(deps): bump github.com/go-webauthn/webauthn from 0.9.2 to 0.9.4 in /backend by @dependabot in #1242
• fix: set cookie secure flag by @lfleischmann in #1250
• chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 in /backend by @dependabot in #1252
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.26.0 to 6.26.2 in /backend by @dependabot in #1257
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.26.2 to 6.26.3 in /backend by @dependabot in #1258
• chore(deps): bump follow-redirects from 1.15.2 to 1.15.4 in /frontend by @dependabot in #1286
• chore(deps): bump follow-redirects from 1.15.1 to 1.15.4 in /docs by @dependabot in #1285
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.18 to 2.0.19 in /backend by @dependabot in #1283
• chore(deps): bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 in /backend by @dependabot in #1281
• chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /quickstart by @dependabot in #1268
• chore(deps): bump github.com/labstack/echo/v4 from 4.11.3 to 4.11.4 in /backend by @dependabot in #1272
• chore(deps): bump github.com/go-webauthn/webauthn from 0.9.4 to 0.10.0 in /backend by @dependabot in #1271
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.26.3 to 6.26.4 in /backend by @dependabot in #1287
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.26.4 to 6.27.0 in /backend by @dependabot in #1296
• chore(deps): bump github.com/go-playground/validator/v10 from 10.16.0 to 10.17.0 in /backend by @dependabot in #1293
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.27.0 to 6.28.0 in /backend by @dependabot in #1302
• chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 in /backend by @dependabot in #1306
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.11 to 2.0.19 in /quickstart by @dependabot in #1305
• 1030 - Refactor SMTP settings to be outside of passcode config by @irby in #1121
• improve(passkeys): improve passkey naming by @shentschel in #1303
• chore(deps): bump github.com/nicksnyder/go-i18n/v2 from 2.3.0 to 2.4.0 in /backend by @dependabot in #1313
• chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 in /backend by @dependabot in #1314
• chore(backend): update config json schema by @lfleischmann in #1318
• ci: enable dependabot version updates for actions by @lfleischmann in #1319
• fix: make samesite and domain attributes configurable for frontend sdk cookie by @lfleischmann in #1251
• chore(deps): bump actions/checkout from 3 to 4 by @dependabot in #1326
• chore(deps): bump docker/build-push-action from 4 to 5 by @dependabot in #1325
• chore(deps): bump actions/setup-go from 3 to 5 by @dependabot in #1324
• chore(deps): bump github.com/rs/zerolog from 1.31.0 to 1.32.0 in /backend by @dependabot in #1327
• chore(deps): bump github/codeql-action from 2 to 3 by @dependabot in #1322
• chore(deps): bump actions/setup-node from 3 to 4 by @dependabot in #1323
• chore(deps): bump docker/metadata-action from 4 to 5 by @dependabot in #1332
• chore(deps): bump docker/setup-qemu-action from 2 to 3 by @dependabot in #1331
• chore(deps): bump docker/setup-buildx-action from 2 to 3 by @dependabot in #1330
• chore(deps): bump docker/login-action from 2 to 3 by @dependabot in #1329
• chore(deps): bump actions/github-script from 6 to 7 by @dependabot in #1328
• chore(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 in /backend by @dependabot in #1335
• feat: extend third-party account linking by @lfleischmann in #1316
• chore(deps): bump github.com/go-webauthn/webauthn from 0.10.0 to 0.10.1 in /backend by @dependabot in #1339
• chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 in /backend by @dependabot in #1338
• feat(webhooks): add webhooks by @shentschel in #1291
• chore(docs): add webhook docs by @shentschel in #1346
• chore: bump frontend versions to v0.10.0 by @lfleischmann in #1348
• ci: fix tag extraction pattern in docker publish workflow by @lfleischmann in #1350

New Contributors

• @zhaoyii made their first contribution in #1219
• @riccardoperra made their first contribution in #1228

Full Changelog: backend/v0.9.1...backend/v0.10.0

v0.9.1

Lots of small improvements and fixes in this one.

A big thank you to all contributors.

What's Changed

• #983 add instructions on how to run project locally with bare metal vs Docker by @irby in #1008
• feat(i18n): add pt-BR translation by @caioluis in #1090
• feat(i18n): add bn translation by @heysagnik in #1092
• Fix (1067): Allow Multiple Email Servers for Test Suites by @irby in #1093
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.23.2 to 6.24.0 in /backend by @dependabot in #1127
• chore(deps): bump github.com/nicksnyder/go-i18n/v2 from 2.2.1 to 2.2.2 in /backend by @dependabot in #1126
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.14 to 2.0.15 in /backend by @dependabot in #1117
• chore(deps): bump vue from 3.2.47 to 3.3.6 in /frontend by @dependabot in #1118
• docs: roadmap updates by @FlxMgdnz in #1129
• chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 in /backend by @dependabot in #1130
• chore(deps): bump github.com/russellhaering/goxmldsig from 1.3.0 to 1.4.0 in /backend by @dependabot in #1131
• chore(deps-dev): bump eslint from 8.47.0 to 8.52.0 in /frontend by @dependabot in #1132
• Publish backend binaries by @IgnisDa in #1135
• chore(deps): bump @types/react from 18.2.0 to 18.2.32 in /frontend by @dependabot in #1139
• docs: corrected minute grammatical errors in README.md by @alienishi in #1120
• chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 in /backend by @dependabot in #1146
• chore(deps): bump @angular/forms from 15.2.8 to 15.2.10 in /frontend by @dependabot in #1145
• Updated the name of Twitter in all the docs by @Arcturus22 in #1149
• fix: get session token from header for passcode finalization by @FreddyDevelop in #1124
• chore(deps): bump next from 13.2.3 to 14.0.1 in /frontend by @dependabot in #1154
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.15 to 2.0.16 in /backend by @dependabot in #1153
• chore(deps): bump github.com/docker/docker from 23.0.3+incompatible to 24.0.7+incompatible in /backend by @dependabot in #1151
• chore(deps): bump react-router-dom from 6.14.2 to 6.18.0 in /frontend by @dependabot in #1156
• chore(deps-dev): bump webpack-cli from 5.0.1 to 5.1.4 in /frontend by @dependabot in #1157
• chore(deps): bump jwks-rsa from 3.0.1 to 3.1.0 in /frontend by @dependabot in #1161
• Error message styling by @Esther-Lita in #1150
• chore: re-generate example.css file by @bjoern-m in #1162
• chore(deps): bump github.com/go-playground/validator/v10 from 10.15.5 to 10.16.0 in /backend by @dependabot in #1163
• chore(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 in /backend by @dependabot in #1164
• chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 in /backend by @dependabot in #1165
• chore(deps): bump tslib from 2.5.0 to 2.6.2 in /frontend by @dependabot in #1166
• fix: reload the profile after passkey creation by @bjoern-m in #1172
• chore(deps): bump github.com/labstack/echo/v4 from 4.11.2 to 4.11.3 in /backend by @dependabot in #1177
• chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.15.0 in /backend by @dependabot in #1184
• chore(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 in /backend by @dependabot in #1183
• chore(deps-dev): bump @vitejs/plugin-vue from 4.1.0 to 4.4.1 in /frontend by @dependabot in #1180
• feat(elements): inherit the justify-content property when using shadow… by @bjoern-m in #1182
• chore(deps): bump vue from 3.3.6 to 3.3.8 in /frontend by @dependabot in #1190
• chore(deps-dev): bump svelte-preprocess from 5.0.4 to 5.1.0 in /frontend by @dependabot in #1191
• chore(deps-dev): bump ts-jest from 29.0.5 to 29.1.1 in /frontend by @dependabot in #1194
• chore(deps-dev): bump jest-environment-jsdom from 29.6.1 to 29.7.0 in /frontend by @dependabot in #1193
• chore(deps-dev): bump css-loader from 6.7.3 to 6.8.1 in /frontend by @dependabot in #1196
• chore(docs): fix typo in backend Config.md by @kimar in #1195
• fix: typo by @testwill in #1201
• fix: fix user-import json schema by @FreddyDevelop in #1202
• chore(deps-dev): bump vue-tsc from 1.2.0 to 1.8.22 in /frontend by @dependabot in #1200
• chore(deps-dev): bump @vue/eslint-config-typescript from 11.0.3 to 12.0.0 in /frontend by @dependabot in #1199
• chore(dockerfile): update Node.js version for compatibility in Next.j… by @kenaqshal in #1206
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.16 to 2.0.17 in /backend by @dependabot in #1209
• chore(deps-dev): bump @vitejs/plugin-vue from 4.4.1 to 4.5.0 in /frontend by @dependabot in #1205
• chore(deps-dev): bump eslint-config-next from 12.3.4 to 14.0.3 in /frontend by @dependabot in #1204
• chore(deps): bump github.com/go-webauthn/webauthn from 0.8.6 to 0.9.1 in /backend by @dependabot in #1207
• chore(deps): bump @angular/core from 15.2.9 to 15.2.10 in /frontend by @dependabot in #1212

New Contributors

• @caioluis made their first contribution in #1090
• @heysagnik made their first contribution in #1092
• @alienishi made their first contribution in #1120
• @Arcturus22 made their first contribution in #1149
• @kimar made their first contribution in #1195
• @testwill made their first contribution in #1201
• @kenaqshal made their first contribution in #1206

Full Changelog: backend/v0.9.0...backend/v0.9.1

v0.9: SAML SSO, User Export

This release includes two exciting features that further expand the scope of Hanko:

SAML Enterprise SSO

• We've added support for external SAML identity providers (IdP). That means the Hanko login can now be configured to redirect email addresses of certain domains to connected SAML IdPs. This is useful for Hanko deployments targeting B2B scenarios where customers request the ability for their employees to sign in with their company-managed single sign-on (SSO) service such as Okta, Onelogin, Keycloak, and others.
• The SAML feature is implemented per domain, i.e. each SAML connection is associated with an email domain. Given a valid SAML connection for, e.g., example.com, each user that enters an @example.com email address into the username field of the hanko-auth element will be redirected to the respective SAML IdP. If the user can be authenticated by the IdP, they will get directed back to Hanko and a regular Hanko JWT will be issued.
• In the current implementation, all hanko-profile actions are still possible for SAML-provisioned users. That means that a SAML user can still create a passkey directly with the service running Hanko and will be able to use this passkey to authenticate without being redirected to the IdP. We are aware that this may not be the desired behavior and we're open to hear your thoughts moving forward.
• See the updated backend docs to learn about all new SAML config options.
• Thanks @shentschel for your work on this!

Important

We've introduced the /ee folder in the Hanko backend that has a different proprietary license for the code that handles SAML SSO connections. Self-hosting a Hanko production deployment that uses /ee code requires a commercial agreement with us. If the SAML feature is not used / configured, the code won't be executed and there's no risk of a license violation.

User Export

• In the same spirit of our existing user import feature, there's now a user export subcommand made available by Hanko backend.
• The exported data is in the same format / schema that's used for user import (i.e. exported Hanko data is importable to another Hanko without any modifications)
• Thanks @IgnisDa for your contribution!

What's Changed

• chore: remove sonatype lift config by @lfleischmann in #1079
• Guide on how to get user data by @Esther-Lita in #1028
• chore(deps): bump github.com/labstack/echo/v4 from 4.11.1 to 4.11.2 in /backend by @dependabot in #1083
• chore(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 in /quickstart by @dependabot in #1084
• chore: remove frontend-sdk dockerfile by @lfleischmann in #1087
• ci: remove docs auto deploy on backend tag by @lfleischmann in #1088
• added API link by @krishvsoni in #1082
• Add user export subcommand by @IgnisDa in #1097
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.13 to 2.0.14 in /backend by @dependabot in #1101
• Feature/saml by @shentschel in #1041
• chore(deps): bump @babel/traverse from 7.21.2 to 7.23.2 in /frontend by @dependabot in #1103

New Contributors

• @krishvsoni made their first contribution in #1082
• @shentschel made their first contribution in #1041

Full Changelog: https://github.com/teamhanko/hanko/compare/@teamhanko/[email protected]/v0.9.0

v0.8.4

This is another minor release containing new content for our docs (that have been migrated to Mintlify and their own repo in the meantime) and a few other neat changes:

Highlights

• Improved default styling for Hanko Elements by @Esther-Lita in #1036
• Shortened and simplified default texts in Hanko Elements (en only) by @FlxMgdnz in #1034
• Added translation for Simplified Chinese (zh) by @lfleischmann in #1022
• Fixed x-domain cookie lifetime to respect configured session lifetime by @lfleischmann in #1049

Other Changes

• chore(deps): bump github.com/go-playground/validator/v10 from 10.15.1 to 10.15.3 in /backend by @dependabot in #997
• chore(deps): bump golang.org/x/text from 0.12.0 to 0.13.0 in /backend by @dependabot in #1001
• chore(deps): bump golang.org/x/crypto from 0.12.0 to 0.13.0 in /backend by @dependabot in #1005
• chore(deps): bump github.com/invopop/jsonschema from 0.7.0 to 0.8.0 in /backend by @dependabot in #1010
• fix: public router adhere to LogHealthAndMetrics option by @FerdinandvHagen in #1014
• chore(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 in /backend by @dependabot in #1006
• Add tutorial section by @Ashutosh-Bhadauriya in #1016
• Add sveltekit guide by @Ashutosh-Bhadauriya in #995
• chore(deps): bump github.com/go-playground/validator/v10 from 10.15.3 to 10.15.4 in /backend by @dependabot in #1023
• docs: added the python backend guide by @Chigala in #981
• Fix: remove note by @Ashutosh-Bhadauriya in #1026
• Added the Hanko Cloud video tutorial to the Docs by @Esther-Lita in #1025
• feat(docs): add github embeds by @jankal in #1037
• Update community link by @Ashutosh-Bhadauriya in #1038
• chore(deps): bump github.com/invopop/jsonschema from 0.8.0 to 0.9.0 in /backend by @dependabot in #1033
• chore(deps): bump github.com/rs/zerolog from 1.30.0 to 1.31.0 in /backend by @dependabot in #1040
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.12 to 2.0.13 in /backend by @dependabot in #1044
• Update README.md by @FlxMgdnz in #1042
• chore(deps): bump github.com/invopop/jsonschema from 0.9.0 to 0.10.0 in /backend by @dependabot in #1043
• fix: create volume dynamically in x domain kind cluster by @lfleischmann in #1046
• chore(deps): bump github.com/go-playground/validator/v10 from 10.15.4 to 10.15.5 in /backend by @dependabot in #1055
• chore(deps): bump github.com/invopop/jsonschema from 0.10.0 to 0.11.0 in /backend by @dependabot in #1056
• docs: fix typo in README.md by @eltociear in #1052
• chore(deps): bump postcss from 8.4.19 to 8.4.31 in /docs by @dependabot in #1059
• fix: Change passkey wording, update Save a passkey to Create a passkey and Add passkey to Create a passkey by @vishalkhoje in #1053
• chore(deps): bump github.com/invopop/jsonschema from 0.11.0 to 0.12.0 in /backend by @dependabot in #1060
• chore(deps): bump golang.org/x/crypto from 0.13.0 to 0.14.0 in /backend by @dependabot in #1064
• chore(deps): bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 in /backend by @dependabot in #1066
• fix: typo in doc urls by @amjed-ali-k in #1068
• Backfill unit tests for Email Handler Create by @irby in #1071
• Allow starting hanko without config file by @IgnisDa in #1039
• Create Nextjs.mdx by @Esther-Lita in #1019
• chore(examples-fresh): bump up fresh v1.4.3 by @ryuapp in #1050
• fix(frontend-sdk): fix export types by @amjed-ali-k in #1076

New Contributors

• @FerdinandvHagen made their first contribution in #1014
• @Chigala made their first contribution in #981
• @Esther-Lita made their first contribution in #1025
• @jankal made their first contribution in #1037
• @eltociear made their first contribution in #1052
• @vishalkhoje made their first contribution in #1053
• @amjed-ali-k made their first contribution in #1068
• @ryuapp made their first contribution in #1050

Full Changelog: backend/v0.8.3...backend/v0.8.4

v0.8.3

This minor release brings some new and handy features, most importantly:

• New user self-service sign up can be disabled (thanks @irby)
• The admin API allows creating new users (especially useful if new user signups are disabled)
• Both the admin and public APIs now serve a simple static status page on /

What's Changed

• chore(deps): bump github.com/rs/zerolog from 1.29.1 to 1.30.0 in /backend by @dependabot in #942
• fix: make passcode email optional in backend config schema by @lfleischmann in #946
• feat: check webauthn session data expiry by @lfleischmann in #944
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.23.0 to 6.23.1 in /backend by @dependabot in #949
• ci: exempt EPIC labeled issues from stale workflow by @lfleischmann in #950
• chore(deps): bump @types/react-dom from 18.0.11 to 18.2.7 in /frontend by @dependabot in #922
• chore(deps): bump golang.org/x/text from 0.11.0 to 0.12.0 in /backend by @dependabot in #952
• Add configuration to disable user registration by @irby in #947
• chore(deps): bump golang.org/x/oauth2 from 0.10.0 to 0.11.0 in /backend by @dependabot in #954
• fix: angular example by @rishi-raj-jain in #943
• chore(deps): bump github.com/go-playground/validator/v10 from 10.14.1 to 10.15.0 in /backend by @dependabot in #956
• Update roadmap by @FlxMgdnz in #957
• chore(deps): bump github.com/go-webauthn/webauthn from 0.8.2 to 0.8.6 in /backend by @dependabot in #925
• chore(deps): bump github.com/labstack/echo/v4 from 4.10.2 to 4.11.1 in /backend by @dependabot in #914
• chore(deps): bump @denysvuika/preact-translate from 0.4.1 to 0.5.0 in /frontend by @dependabot in #830
• chore(deps): bump github.com/labstack/echo-jwt/v4 from 4.1.0 to 4.2.0 in /backend by @dependabot in #787
• chore(deps-dev): bump karma from 6.4.1 to 6.4.2 in /frontend by @dependabot in #958
• ci: remove stale workflow by @lfleischmann in #959
• chore(deps-dev): bump svelte-preprocess from 4.10.7 to 5.0.4 in /frontend by @dependabot in #915
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.11 to 2.0.12 in /backend by @dependabot in #963
• chore(deps-dev): bump eslint-config-prettier from 8.6.0 to 9.0.0 in /frontend by @dependabot in #964
• chore(deps-dev): bump vite from 4.3.9 to 4.4.9 in /frontend by @dependabot in #965
• feat: add status page by @lfleischmann in #961
• Feat add create user admin endpoint by @FreddyDevelop in #966
• chore(deps): bump github.com/go-playground/validator/v10 from 10.15.0 to 10.15.1 in /backend by @dependabot in #972
• [DOCS] Add fullstack section and update nextjs guide by @Ashutosh-Bhadauriya in #971
• chore(deps): bump github.com/jackc/pgconn from 1.14.0 to 1.14.1 in /backend by @dependabot in #974

New Contributors

• @rishi-raj-jain made their first contribution in #943
• @Ashutosh-Bhadauriya made their first contribution in #971

Full Changelog: backend/v0.8.2...backend/v0.8.3

v0.8.2

Another minor release with some fixes and improvements.

What's Changed

• fix: don't set cookie when jwt is set in header by @lfleischmann in #929
• fix: only set prefilledEmail when email input is empty by @FreddyDevelop in #932
• ci: introduce stale issue workflow by @tungbq in #934
• fix: hanko-elements uses wrong frontend-sdk version by @bjoern-m in #937
• Update README.md by @FlxMgdnz in #939
• feat: generate more accurate backend config jsonschema by @lfleischmann in #941
• chore: frontend version bump by @FreddyDevelop in #938

New Contributors

• @tungbq made their first contribution in #934

Full Changelog: backend/v0.8.1...backend/v0.8.2

v0.8.1

Small release containing some minor features and bugfixes.

What's Changed

• chore: remove the -beta from the fronend versions. The prerelease is … by @like-a-bause in #892
• Fix audit logger improvements by @FreddyDevelop in #888
• Feat let cookie name be changed by @FreddyDevelop in #885
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.22.0 to 6.23.0 in /backend by @dependabot in #895
• chore(deps-dev): bump @typescript-eslint/parser from 5.59.1 to 5.62.0 in /frontend by @dependabot in #896
• Attribute to pre-fill the email address by @bjoern-m in #889
• chore(deps): bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 in /backend by @dependabot in #894
• chore(deps): bump semver from 5.7.1 to 5.7.2 in /docs by @dependabot in #898
• chore(deps): bump semver from 5.7.1 to 5.7.2 in /frontend by @dependabot in #897
• chore(deps-dev): bump @rushstack/eslint-patch from 1.2.0 to 1.3.2 in /frontend by @dependabot in #859
• Update README.md by @like-a-bause in #900
• feat: add option to use a url to the user import file by @FreddyDevelop in #901
• chore(deps-dev): bump karma-coverage from 2.2.0 to 2.2.1 in /frontend by @dependabot in #903
• fix(hanko-elements): translations shown when lang attribute is missing by @bjoern-m in #907
• chore(deps-dev): bump jest-environment-jsdom from 29.5.0 to 29.6.1 in /frontend by @dependabot in #908
• chore(deps-dev): bump jasmine-core from 4.5.0 to 4.6.0 in /frontend by @dependabot in #910
• chore(deps-dev): bump turbo from 1.10.2 to 1.10.7 in /frontend by @dependabot in #902
• chore(deps-dev): bump @types/jasmine from 4.3.1 to 4.3.5 in /frontend by @dependabot in #912
• docs(api-spec): fix wrong type of transports for webauthn reg finaliz… by @lfleischmann in #919
• chore(deps): bump react-router-dom from 6.10.0 to 6.14.2 in /frontend by @dependabot in #916
• chore(deps): bump word-wrap from 1.2.3 to 1.2.4 in /frontend by @dependabot in #921
• chore(deps): bump word-wrap from 1.2.3 to 1.2.4 in /e2e by @dependabot in #920
• fix: fix user import via url by @FreddyDevelop in #906
• feat: make user verification configurable, preferred as default by @lfleischmann in #909
• fix(deploy): set correct webauthn settings in k8s x-domain config by @lfleischmann in #924

Full Changelog: backend/v0.8.0...backend/v0.8.1

v0.8: User Import, Custom Translations

In this release we consolidated the version numbers of the hanko backend and hanko-elements and the frontend-sdk, so it's clear which components work together. On top of that we introduce several small features. Some of the highlights are:

• Custom translations for hanko-elements
• User import
• Improved events in hanko-elements
• Documentation for creating a nuxt app with hanko. The nuxt module can be found here. Thanks to @danielroe and @McPizza0
• New example: deno/fresh. Thanks to @tobihans

Migrating from hanko-elements v0.5.5 to v0.8.0

The "onSessionResumed" and "onSessionIsNotPresent" events have been removed. To determine the session validity, the frontend-sdk can now be used as follows:

import {register} from "@teamhanko/hanko-elements";

const apiUrl = "...";

const {hanko} = await register(apiUrl);

const isValid = hanko.session.isValid(); // Performs a client-side check if the session is valid, returns a boolean.
const session = hanko.session.get();     // Returns an object containing the `userID`, `expirationSeconds` and the `jwt`.

What's Changed

• chore(deps): bump github.com/go-playground/validator/v10 from 10.13.0 to 10.14.1 in /backend by @dependabot in #820
• chore(deps-dev): bump eslint from 8.39.0 to 8.42.0 in /frontend by @dependabot in #821
• chore: fix typo by @danielroe in #822
• docs(social): fix apple guide typo, sign-in-with button wording by @lfleischmann in #824
• feat: update go version to 1.20 by @like-a-bause in #823
• chore(deps-dev): bump vite from 4.3.3 to 4.3.9 in /frontend by @dependabot in #826
• feat: introduce custom translations by @bjoern-m in #815
• test: improve webauthn handler test by @FreddyDevelop in #805
• chore(deps-dev): bump turbo from 1.8.3 to 1.10.2 in /frontend by @dependabot in #828
• chore(deps): bump github.com/labstack/echo-contrib from 0.14.1 to 0.15.0 in /backend by @dependabot in #810
• chore(deps): bump github.com/go-webauthn/webauthn from 0.7.1 to 0.8.2 in /backend by @dependabot in #608
• chore(deps): bump golang.org/x/text from 0.9.0 to 0.10.0 in /backend by @dependabot in #839
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.9 to 2.0.10 in /backend by @dependabot in #840
• docs: fix broken links by @FreddyDevelop in #838
• refeactor: switch the ports of the api spec to match the quickstart p… by @like-a-bause in #835
• Feat user import by @like-a-bause in #693
• chore(deps): bump golang.org/x/crypto from 0.9.0 to 0.10.0 in /backend by @dependabot in #846
• chore(deps): bump github.com/brianvoe/gofakeit/v6 from 6.20.2 to 6.22.0 in /backend by @dependabot in #854
• chore(deps): bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 in /backend by @dependabot in #845
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.10 to 2.0.11 in /backend by @dependabot in #853
• chore(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.2 to 2.0.11 in /quickstart by @dependabot in #852
• docs: use correct docker image in readme by @FreddyDevelop in #861
• refactor: use echo.HTTPError instead of redundant own type. This way … by @like-a-bause in #862
• chore(deps-dev): bump jest-environment-jsdom from 29.4.3 to 29.5.0 in /frontend by @dependabot in #858
• fix(examples-vue): README typo by @tobihans in #863
• test: improve password handler test by @FreddyDevelop in #842
• Add documentation for Nuxtjs with nuxt-hanko module by @McPizza0 in #827
• French translations by @bjoern-m in #851
• chore: remove autofocus from the email input field by @bjoern-m in #866
• Feat k8s deploy by @like-a-bause in #756
• docs: fix mismatch with actual code by @FreddyDevelop in #871
• Docs/deno fresh by @tobihans in #834
• test: use test suite for well known tests by @FreddyDevelop in #872
• chore(deps-dev): bump eslint-plugin-vue from 9.14.1 to 9.15.1 in /frontend by @dependabot in #870
• Chore improve events by @bjoern-m in #864
• Improve the Hanko-elements readme file by @bjoern-m in #878
• fix: remove duplicate section by @bjoern-m in #881
• added a schedule a demo badge by @PeerRich in #880
• chore: bump frontend versions to 0.8.0 by @like-a-bause in #843
• fix: return shadowed error by @FreddyDevelop in #883
• chore(deps): bump golang.org/x/text from 0.10.0 to 0.11.0 in /backend by @dependabot in #890
• chore(deps): bump semver from 7.3.7 to 7.5.3 in /e2e by @dependabot in #876
• feat: add cache control header when returning jwks.json by @FreddyDevelop in #884
• test: improve passcode handler tests by @FreddyDevelop in #873
• feat(hanko-elements): add 'hidePasskeyButtonOnLogin' options by @bjoern-m in #865

New Contributors

• @danielroe made their first contribution in #822
• @tobihans made their first contribution in #863
• @McPizza0 made their first contribution in #827
• @PeerRich made their first contribution in #880

Full Changelog: backend/v0.7.1...backend/v0.8.0

v0.7.1

This release fixes a critical vulnerability we identified in the passcode API. Updating previous Hanko backend deployments is strongly recommended.

What's Changed

• test: update email handler tests by @FreddyDevelop in #786
• feat add iss and aud claims by @like-a-bause in #780
• fix: tests now passing again. by @like-a-bause in #806
• docs: add vanilla js integration guide by @lfleischmann in #804
• Fix issue by @FreddyDevelop in #816

Full Changelog: backend/v0.7.0...backend/v0.7.1

v0.7: Sign in with Apple, New Hanko Elements

This release introduces support for "Sign in with Apple", several enhancements to streamline Hanko Elements frontend integration, as well as some minor improvements and fixes.

Sign in with Apple

Sign in with Apple is now supported as 3rd-party identity provider option.

Hanko Elements Improvements

All frontend functionalities are now accessible through the hanko-elements package, eliminating the need for a separate installation of the frontend-sdk package. Additionally, a new event system has been introduced, enabling developers to dynamically respond to certain events. For instance, you can now handle events such as session creation, session expiration, and auth flow completion to control user flows, manage JWTs, and more.

• Please take a look at the updated frontend/elements/README.md for a list of the new events and their descriptions.
• A new web component <hanko-events> has been added that doesn't contain any UI elements, but can make integration with the new event features simpler in some cases.
• All example apps under frontend/examples have been updated to demonstrate how to integrate the new functionality with certain frontend frameworks.

Migrating from hanko-elements v0.4.x to v0.5.x

• The register() method exported by @teamhanko/hanko-elements has changed:

Outdated:

import { register } from "@teamhanko/hanko-elements";

register({ ...options });

New:

import { register } from "@teamhanko/hanko-elements";

// The `register` function now returns an instance of the `frontend-sdk`, therefore you 
// don't need to install or import the `@teamhanko/hanko-frontend-sdk` package.
const { hanko } = await register("https://your-api.hanko.io/", { ...options });

// Get the current user
const user = await hanko.user.getCurrent();

• The "@teamhanko/hanko-elements" package has new export members, e.g. Hanko, the class declaration of the frontend-sdk:

import { Hanko } from "@teamhanko/hanko-elements";

// You can call `new Hanko()` to create a new `frontend-sdk` instance.
const hanko = new Hanko("https://your-api.hanko.io/");

• Because you now provide the API URL with the register() function, you don't need to pass the value into the web components:

Outdated:

<html>
  <hanko-auth api="https://your-api.hanko.io/"></hanko-auth>
  <hanko-profile api="https://your-api.hanko.io/"></hanko-profile>
</html>

New:

<html>
  <hanko-auth></hanko-auth>
  <hanko-profile></hanko-profile>
</html>

• You can now add callbacks to certain events via the frontend-sdk:

import { register } from "@teamhanko/hanko-elements";

const { hanko } = await register("https://your-api.hanko.io/");

// Add a callback to be executed when the user is logged in and ready to be redirected.
const removeEventListener = hanko.onAuthFlowCompleted(() => {
	// Your code...
})

// The `removeEventListener()` function removes the event listener
removeEventListener();

• Bind events directly on the <hanko-auth>, <hanko-profile> and the new <hanko-events> element.

<html>
<hanko-auth id="auth"></hanko-auth>
<script>
document.getElementById("auth").addEventListener("onAuthFlowCompleted", () => {
  // Your code...
});
</script>
</html>

What's Changed

• fix: differentiate between Operating System of the hanko-backend and … by @like-a-bause in #724
• docs(thirdparty): rework thirdparty guides by @lfleischmann in #737
• feat(passcode): include passcode in email subject by @lfleischmann in #749
• feat(thirdparty): sign in with apple by @lfleischmann in #748
• Session events by @bjoern-m in #725
• Fix only return users with email by @FreddyDevelop in #758
• fix: User Object is deprecated by @bjoern-m in #774
• Feat additional confirmation steps by @bjoern-m in #666
• fix: set the auth cookie even when x-session-lifetime is not present by @bjoern-m in #778
• remove divider-display variable by @bjoern-m in #791

Full Changelog: backend/v0.6.0...backend/v0.7.0