Skip to content

Releases: teamhanko/hanko

v0.6

19 Apr 07:46
194b3cc
Compare
Choose a tag to compare

For this release, we focused on making smaller improvements and fixing things. The highlights are:

  • Added support for 3rd-party identity providers in cross-domain setups
  • Added endpoints and UI for self-service account deletion
  • Config simplified with regards to CORS

What's Changed

New Contributors

Full Changelog: backend/v0.5.0...backend/v0.6.0

Hanko Beta v0.5.0

13 Mar 09:32
a10fe9c
Compare
Choose a tag to compare

Product news_ v0 5 0

3rd-party identity providers (OAuth SSO)

The leading feature of this release is support for 3rd-party identity providers, starting with Google and GitHub. Coming up next, Sign in with Apple is already in the making, and support for Microsoft accounts will follow shortly after. We've built the OAuth components in a modular way so that support for even more identity providers (e.g. Twitter, Facebook, Slack) can be added quickly by us or external contributors if there's demand for it.

During the first months of working on Hanko, we focused our efforts towards establishing a fully usable, production-ready authentication stack that is built for passkeys. With this now in place, we're able to combine the new and exciting passkey login flows with today's most popular authentication methods, i.e., "social logins".

Even with passkeys now broadly supported on all ecosystems, we think that offering sign up and login options for popular 3rd-party identity providers still makes sense, especially to convert new users quickly by allowing them to skip the "enter your email" and email verification steps. After a successful sign in with e.g. Google, users will be presented with the option to create a passkey for the app where Hanko is integrated, which can then be used for subsequent logins that no longer need to (but still can) be done through the 3rd-party.

Updated example apps

We've updated the example apps to use the latest hanko-elements version and added the hanko-profile element to each example.

Logout function in frontend SDK

Thanks to @irby, we now have support for the logout flow in hanko-frontend-sdk, making Hanko's integration even simpler.

What's changed

Full Changelog: v0.4.0...backend/v0.5.0

Hanko Beta v0.4.0

26 Jan 19:01
9a1e42c
Compare
Choose a tag to compare

Product news_ v0 4 0

This release introduces the new Hanko profile custom element and basic rate limiting.

Profile element

In addition to <hanko-auth>, hanko-elements now also contains <hanko-profile>, a profile page that can be integrated into your app and fully customized with CSS. The profile supports email and credential management, allowing your users to change their email address, their password (if enabled), and manage their passkeys.

Our quickstart app utilizes the new profile page, so you can check it out there. We'd love to hear your thoughts.

Note: The import path for the elements package has been changed. See elements readme for more information. To use <hanko-profile>, you need the latest version of the hanko-elements package (v0.1.0-alpha).

Rate limiting

This version also introduces basic rate limiting to hanko to protect endpoints from scripted / DoS attacks. The rate limiter supports both in-memory and Redis configurations and uses a combination of user ID and IP address.

What's changed

Full Changelog: v0.3.2...v0.4.0

Hanko Beta v0.3.2

15 Dec 09:55
d3b70c1
Compare
Choose a tag to compare

Adding support for native Android and iOS apps and bringing Hanko to Svelte.

Mobile app support

Developers can now use Hanko for authentication when building native apps for Android and iOS. Since passkeys can also be used in native apps, this enables a seamless user experiences across websites and native apps. To make this work, we had to add support for multiple WebAuthn origins to Hanko backend. Passkeys are always bound to an "origin", and in most cases that is a domain. However, unlike websites and iOS apps, an Android app identifies itself with its APK hash during the WebAuthn ceremonies required to use passkeys. This APK hash can now be added to the list of allowed origins in the Hanko backend config. We will also release a first draft of a sample app for Android very soon to provide guidance on building native app authentication with passkeys using Hanko.

Bringing passkeys to Svelte 👋

A small bug in the library we're using for our web components prevented Hanko to work with Svelte apps. Until now. The integration guide can be found at https://docs.hanko.io/guides/svelte.

What's changed

Full changelog: v0.3.1...v0.3.2

Hanko Beta v0.3.1

30 Nov 15:01
2f269fd
Compare
Choose a tag to compare

Product news_ v0 3 1

The main feature of this release is the support for hardware security keys on passkey creation.

FIDO security keys (and other roaming authenticators)

Until now, we allowed passkeys to be created only on platform authenticators (Touch ID, Face ID, Windows Hello..., i.e., the device you're browsing on) to keep things simple. Roaming authenticators, most commonly known as security keys, were not supported by Hanko so far. But with this release, we removed all restrictions regarding the authenticator types. It is perfectly fine to store a passkey on a physical security key, and now you can do that with Hanko.

One thing to be aware of is that most security keys only support storing a limited number of passkeys that can be as low as 25 in some cases.

This change also improves the passkey creation UI in Chromium browsers where it's now possible to store the passkey on your phone through the QR code flow – which was only working in Safari before.

Multi-platform support

Thanks to @hilli our docker builds now support other platforms than X86, namely AMD64 and ARM64. That's awesome!

What's changed

New contributors

Full changelog: v0.3.0...v0.3.1

Hanko Beta v0.3.0

24 Oct 09:22
acb0275
Compare
Choose a tag to compare

Product news_ v0 3 0

The main features of this release are support for Conditional UI and an audit log system.

Conditional UI

Hanko's login box now supports Conditional UI, aka passkey autofill. In supported browsers, the "Sign in with a passkey" button is no longer required, and instead a passkey autofill UI is displayed when the user clicks or taps on the username input. Passkey autofill lists all available passkeys and is much less intrusive or misleading than the extra button that may or may not work for users that don't have any passkey yet. You can test passkey autofill today by spinning up a local Hanko example. We will also update passkeys.io in the next few days. Browsers that already support conditional UI are:

  • Safari on iOS16
  • Safari on macOS13 Beta/RC
  • Chrome Canary on Android (with Play Services Beta)
  • Chrome Canary on Windows 11 22H2

Audit logs

We've added a new feature to Hanko backend to collect audit logs and an API to access the logs. The focus here is on user actions (e.g., login attempt, passkey creation, password changed).

What's changed

  • ci: build and publish frontend-sdk by @aspeteRakete in #229
  • create code_of_conduct from github template by @aspeteRakete in #232
  • docs: move documentation into monorepo by @lfleischmann in #230
  • docs: move into monorepo cleanup by @lfleischmann in #233
  • Passkey creation view minor text improvements by @FlxMgdnz in #231
  • rename "private" api to "admin" api by @lfleischmann in #234
  • docs: link frontend guides to ui customization guide by @lfleischmann in #242
  • docs: provide only the latest version of the frontend sdk docs by @lfleischmann in #239
  • chore: add License note for frontend-sdk by @aspeteRakete in #244
  • docs: add js backend guide example by @lfleischmann in #241
  • Remove console log by @irby in #250
  • fix: send 401 when passcode is not found instead of 404 by @aspeteRakete in #247
  • Update README.md by @shibukawa in #180
  • Update dependabot.yml by @aspeteRakete in #253
  • feat(hanko-elements): add light dom support by @bjoern-m in #235
  • chore: add issue and pull request templates by @lfleischmann in #264
  • Update Config.md by @aspeteRakete in #254
  • Feat conditional UI by @bjoern-m in #255
  • docs: add plausible analytics by @lfleischmann in #274
  • Ask for Browser in BugReport by @aspeteRakete in #283
  • fix(hanko-frontend-sdk): access X-Auth-Token header during cross-doma… by @bjoern-m in #251
  • docs: fix broken link in e2e readme by @FreddyDevelop in #297
  • Test hanko frontend sdk by @bjoern-m in #266
  • feat: add audit logs by @FreddyDevelop in #185
  • Add link to the slack community to the issue templates by @aspeteRakete in #299
  • docs: misc api spec fixes, adjustments by @lfleischmann in #303
  • fix: persisted passcode timestamps by @lfleischmann in #311
  • feat: enable debugging for services/libs used in quickstart cluster by @lfleischmann in #312

New contributors

Full changelog: v0.2.0...v0.3.0

Hanko Beta v0.2.0

08 Sep 18:16
18cfd21
Compare
Choose a tag to compare

Aka Introducing the Hanko JavaScript Frontend SDK.

Using the Hanko API has now become much easier with the introduction of our frontend SDK. The most common use cases (for now) are retrieving information about or creating a(nother) passkey for the authenticated user. We also updated the example app to make use of the SDK and added a "Create a passkey" button to the /secured page.

Our OpenAPI specification (docs/spec/api.yaml) has been reworked from scratch and is now on par with the backend.

What's changed

New contributors

Full changelog: v0.1.1...v0.2.0

Hanko Beta v0.1.1

04 Aug 15:04
dea8e0a
Compare
Choose a tag to compare

Aka The Compatibility Patch.

After our initial release about a month ago, we've been coding through the heat wave and made sure to fix a handful of issues. We were able to make some important steps to give the Hanko login experience a good polish. Here are some highlights:

hanko-js

  • The default design of hanko-auth element is now a bit more neutral and we removed most width and height default settings to make it more responsive for seamless integration into different layouts
  • Entering an email address now also triggers the WebAuthn / passkey login flow if the associated account has a credential
  • Disabled the passkey button on Android, as passkeys (i.e. an empty allowList) are not yet supported on Android; WebAuthn logins can still be triggered by entering an email that has registered a credential before

Hanko API

  • Added support for cross-domain cookies to allow backend and frontend to be hosted on different domains
  • WebAuthn transports = "internal" is currently broken on Android and Windows, so we removed transports from all login requests; this results in the option "Security Keys" being shown in some login scenarios, even if the credential was created with a platform authenticator; we'll revisit this when the authenticators on Android and Windows got better passkey support
  • Worked around an issue with Safari on iOS 15 and macOS Monterey where the WebAuthn login could only be initiated once per page reload

Other

  • Docker Compose / Quickstart now works properly on M1 macs

Contributors

  • @sojinsamuel made their first contribution to this project. Thank you!
  • @SimoMay contributed to v0.1.0, but we forgot to mention it. Sorry & big thanks to you!

Hanko Beta v0.1.0

08 Jul 19:21
5672ec2
Compare
Choose a tag to compare

It's been 4 months since we've started building Hanko open source and today we're happy to announce the initial beta release of the project.

Hanko login

The timing couldn't be better, as Apple's passkey implementations will soon be available for everyone to test in the public beta versions of iOS 16 and macOS 13. It's a fascinating experience to see the first true evolutionary step in user authentication in action. Of course, Hanko's passwordless authentication already works perfectly on all current live platforms (iOS, macOS, Android, Windows), just without the full passkey synchronization support that will be available on our devices later this year.

What's new

Hanko's code has been available on GitHub since day 1 of development. We've been adding new features almost daily, and today we reached our biggest milestone yet: the first beta release. Here's what we've added recently and what completes the project:

  • UI customization: The last missing piece for the first version of Hanko was UI customization. While we made sure the Hanko login box looked good without any additional styling, our goal was for Hanko to fit seamlessly into any website and brand. Customers want their login to feel native, it should blend well with the rest of the site. This is now possible thanks to the extensive customization options we've added to the Hanko web component, which is delivered as part of our frontend library.
  • Hanko-elements published on npm: Besides the minimalistic passkey authentication API, a key feature of Hanko is the <hanko-auth> element, which brings a full user interface, gives your users a modern login and registration experience, and can be integrated into any website with just two lines of code. We have now released the first version of hanko-elements on npm to make building with Hanko as easy as possible.
  • E2E testing: Delivering stable code is a priority for us, so we put a lot of effort into setting up end-to-end testing. We use Playwright for this and are very happy with the results. The tests are already integrated into our build pipeline, and we have put together a short guide on how to run the tests locally.‍

How to get started

Just follow the Getting Started guide in the project's readme to get your passkey-enabled login example app up and running with Docker Compose in just a few minutes.‍

Get involved

We'd love to get to know you and hear your feedback, so we invite you to join our growing Hanko Community on Slack and be a part of the passkey revolution.