Stay up-to-date with the latest releases, new features, and bug fixes.

Your submission has been received!
Something went wrong.
February 20, 2023
Hanko Cloud

Hanko Cloud Release 2023-02-20

We've updated Hanko Cloud with the following changes:

  • User details. Individual users on the users table can now be accessed and admins can see the user's data, passkeys, events, and delete the user
  • Small UI fixes and improvements

Check out the new features by signing in to your Hanko Cloud account.

February 3, 2023
Hanko Cloud

Hanko Cloud Release 2023-02-03

The following new features are now available for Hanko Cloud admins:

  • Profile. The new Hanko profile component that allows users to manage their email addresses and passkeys has made its way into Hanko Cloud and can be found in the top-right menu right above logout
  • Search users and events. We've added search functionality to users and events, allowing admins to look for specific entries in both tables and filter events by specific event types
  • Event details. More event details like the user's IP address or the user agent string can now be accessed by using the "extend" button on an event
  • Custom SMTP. Admins can now configure their own SMTP server for passcode emails
  • Resume project. Free projects are suspended after 7 days of inactivity to limit hosting costs so we added a "Resume" button that allows Hanko Cloud admins to continue using the free project

Check out the new features by signing in to your Hanko Cloud account.

January 26, 2023
Hanko Elements

Hanko v0.4.0

This release introduces the new Hanko profile custom element and basic rate limiting.

Profile element

In addition to <hanko-auth>, hanko-elements now also contains <hanko-profile>, a profile page that can be integrated into your app and fully customized with CSS. The profile supports email and credential management, allowing your users to change their email address, their password (if enabled), and manage their passkeys.

You can check out the new <hanko-profile> on We'd love to hear your thoughts.

Note: The import path for the elements package has been changed. See elements readme for more information. To use <hanko-profile>, you need the latest version of the hanko-elements (v0.1.1-alpha) and Hanko backend v0.4.0.

Rate limiting

This version also introduces basic rate limiting to Hanko to protect endpoints from scripted / DoS attacks. The rate limiter supports both in-memory and Redis configurations and uses a combination of user ID and IP address. (See docs).

WebAuthn credentials API

Hanko backend API now has endpoints to manage passkeys. Used by the new profile element, the new credentials API allows you to get a list of the user's passkeys, and individually rename and delete passkeys. (See docs).

Users & events search

Search endpoints are now available for users and events, preceding the upcoming release of the corresponding search features in Hanko Cloud. (See docs).

Full Changelog: v0.3.2...v0.4.0

All Hanko Cloud projects have been updated to v0.4.0 on Feb 3, 2023.

Check out Hanko on GitHub and npm

December 15, 2022

Hanko v0.3.2

Adding support for native Android and iOS apps and bringing Hanko to Svelte.

Mobile app support

Developers can now use Hanko for authentication when building native apps for Android and iOS. Since passkeys can also be used in native apps, this enables a seamless user experiences across websites and native apps.

To make this work, we had to add support for multiple WebAuthn origins to Hanko backend. Passkeys are always bound to an "origin", and in most cases that is a domain. However, unlike websites and iOS apps, an Android app identifies itself with its APK hash during the WebAuthn ceremonies required to use passkeys. This APK hash can now be added to the list of allowed origins in the Hanko backend config.

We will also release a first draft of a sample app for Android very soon to provide guidance on building native app authentication with passkeys using Hanko.

Bringing passkeys to Svelte 👋

A small bug in the library we're using for our web components prevented Hanko to work with Svelte apps. Until now. The integration guide can be found at

Full Changelog: v0.3.1...v0.3.2

November 30, 2022

Hanko v0.3.1 (Beta)

The main feature of this release is the support for hardware security keys on passkey creation.

FIDO security keys (and other roaming authenticators)

Until now, we allowed passkeys to be created only on platform authenticators (Touch ID, Face ID, Windows Hello..., i.e., the device you're browsing on) to keep things simple. Roaming authenticators, most commonly known as security keys, were not supported by Hanko so far. But with this release, we removed all restrictions regarding the authenticator types. It is perfectly fine to store a passkey on a physical security key, and now you can do that with Hanko.

One thing to be aware of is that most security keys only support storing a limited number of passkeys that can be as low as 25 in some cases.

This change also improves the passkey creation UI in Chromium browsers where it's now possible to store the passkey on your phone through the QR code flow – which was only working in Safari before.

Multi-platform support

Thanks to @hilli our docker builds now support other platforms than X86, namely AMD64 and ARM64. That's awesome!

New contributors

Full Changelog: v0.3.0...v0.3.1

October 24, 2022

Hanko v0.3.0 (Beta)

The main features of this release are support for Conditional UI and an audit log system.

Conditional UI

Hanko's login box now supports Conditional UI, aka passkey autofill. In supported browsers, the "Sign in with a passkey" button is no longer required, and instead a passkey autofill UI is displayed when the user clicks or taps on the username input. Passkey autofill lists all available passkeys and is much less intrusive or misleading than the extra button that may or may not work for users that don't have any passkey yet. You can test passkey autofill today by spinning up a local Hanko example. We will also update in the next few days. Browsers that already support conditional UI are:

  • Safari on iOS16
  • Safari on macOS13 Beta/RC
  • Chrome Canary on Android (with Play Services Beta)
  • Chrome Canary on Windows 11 22H2

Audit logs

We've added a new feature to Hanko backend to collect audit logs and an API to access the logs. The focus here is on user actions (e.g., login attempt, passkey creation, password changed).

New contributors

For more details about this release see full changelog on GitHub.

September 9, 2022

Hanko v0.2.0 (Beta)

Introducing the Hanko JavaScript Frontend SDK

Using the Hanko API has now become much easier with the introduction of our frontend SDK. The most common use cases (for now) are retrieving information about or creating a(nother) passkey for the authenticated user.

We also updated the Hanko Web Component (hanko-auth element) and the example app to make use of the new SDK. The example app also got a "Create a passkey" button to the /secured page to allow authenticated users creating additional passkeys.

Our packages are available on npm:

What's more

Our OpenAPI specification has been reworked from scratch and is now on par with the backend.

For more details about this release see the full changelog on GitHub.

August 4, 2022
Hanko Elements

Hanko v0.1.1 (Beta)

Aka The Compatibility Patch.

After our initial release about a month ago, we've been coding through the heat wave and made sure to fix a handful of issues. We were able to make some important steps to give the Hanko login experience a good polish. Here are some highlights:


  • The default design of hanko-auth element is now a bit more neutral and we removed most width and height default settings to make it more responsive for seamless integration into different layouts
  • Entering an email address now also triggers the WebAuthn / passkey login flow if the associated account has a credential
  • Disabled the passkey button on Android, as passkeys (i.e., discoverable credentials / empty allowCredentials lists) are not yet supported on Android; WebAuthn logins can still be triggered by entering an email that has registered a credential before

Hanko API

  • Added support for cross-domain cookies to allow backend and frontend to be hosted on different domains
  • WebAuthn `transports = "internal"` is currently broken on Android and Windows, so we removed transports from all login requests; this results in the option "Security Keys" being shown in some login scenarios, even if the credential was created with a platform authenticator; we'll revisit this when the authenticators on Android and Windows got better passkey support
  • Worked around an issue with Safari on iOS 15 and macOS Monterey where the WebAuthn login could only be initiated once per page reload


  • Docker Compose / Quickstart now works properly on M1 macs


  • @SojinSamuel made their first contribution to this project. Thank you!
  • @SimoMay contributed to v0.1.0, but we forgot to mention it. Sorry & big thanks to you!

July 8, 2022
Hanko Elements

Hanko v0.1.0 (Beta)

It's been 4 months since we've started building Hanko open source and today we're happy to announce the initial beta release of the project on GitHub.

The timing couldn't be better, as Apple's passkey implementations will soon be available for everyone to test in the public beta versions of iOS 16 and macOS 13. It's a fascinating experience to see the first true evolutionary step in user authentication in action. Of course, Hanko's passwordless authentication also works on all current live platforms (iOS, macOS, Android, Windows), just without the full passkey support that will be available on our devices later this year.

Head over to GitHub now and give Hanko a try, we'd love to hear your feedback.

What's new

Hanko's code has been available on GitHub since day 1 of development. We've been adding new features almost daily, and today we reached our biggest milestone yet: the first beta release. Here's what we've added since the last announcement a few weeks ago and what completes the project:

  • UI customization: The last missing piece for the first version of Hanko was UI customization. While we made sure the Hanko login box looked good without any additional styling, our goal was for Hanko to fit seamlessly into any website and brand. Customers want their login to feel native, it should blend well with the rest of the site. This is now possible thanks to the extensive customization options we've added to the Hanko web component, which is delivered as part of our frontend library.
  • Hanko-elements published on npm: Besides the minimalistic passkey authentication API, a key feature of Hanko is the <hanko-auth> element, which brings a full user interface, gives your users a modern login and registration experience, and can be integrated into any website with just two lines of code. We have now released the first version of hanko-elements on npm to make building with Hanko as easy as possible.
  • E2E testing: Delivering stable code is a priority for us, so we put a lot of effort into setting up end-to-end testing. We use Playwright for this and are very happy with the results. The tests are already integrated into our build pipeline on GitHub, and we have put together a short guide on how to run the tests locally.

How to get started

Just follow the Getting Started guide in the project's readme to get your passkey-enabled login example app up and running locally with Docker Compose in just a few minutes.

Get involved

We'd love to get to know you and hear your feedback, so we invite you to join our growing Hanko Community on Slack and be a part of the passkey revolution.

June 15, 2022

Hanko open source ready to test

Following some productive weeks, today we announce the first functional Alpha release of Hanko open source on GitHub.

What's already working

The Hanko open source project packs Hanko API including our FIDO-certified WebAuthn endpoints and hanko-js, a web component that can be integrated into any website with just two lines of code.

  • Registration and login flows with and without passwords
  • Passkey authentication
  • Passcodes, a convenient way to recover account access and verify email addresses
  • Multi-language support (English and German for now)
  • JWT issuing
  • Admin API

How to get started

Just follow the Getting Started guide in the project's readme to get your passkey-enabled login example app up and running locally with Docker Compose in just a few minutes.

Get involved

We'd love to get to know you and hear your feedback, so we invite you to join our growing Hanko Community on Slack and be a part of the passkey revolution.