# Hanko — Open-Source Passkey-First Authentication > Hanko is a self-hosted authentication server that puts passkeys and biometrics first, providing a drop-in auth backend and prebuilt UI components as an open-source alternative to Auth0 and Clerk. ## Install Save in your project root: # Hanko — Open-Source Passkey-First Authentication ## Quick Use ```bash docker compose -f https://raw.githubusercontent.com/teamhanko/hanko/main/deploy/docker-compose/quickstart.yaml up -d # Hanko API: http://localhost:8000 # Hanko Admin: http://localhost:8080 ``` ## Introduction Hanko is an open-source authentication platform designed around passkeys and WebAuthn as first-class login methods. It provides a backend API and prebuilt web components that let developers add passwordless authentication to any application without building auth flows from scratch. ## What Hanko Does - Provides passkey (WebAuthn/FIDO2) registration and authentication out of the box - Ships prebuilt web components for login, registration, and profile management - Supports email passcodes, OAuth social login, and traditional passwords as fallbacks - Manages user sessions with configurable JWT and cookie-based token issuance - Exposes a RESTful admin API for user management and audit logging ## Architecture Overview Hanko consists of a Go backend that handles authentication flows, a PostgreSQL database for user and credential storage, and a set of framework-agnostic web components for the frontend. The backend implements the WebAuthn server spec for passkey ceremonies and issues JWTs upon successful authentication. A reverse proxy or API gateway sits in front to handle TLS termination and route requests between Hanko and your application. ## Self-Hosting & Configuration - Deploy with Docker Compose including the Hanko backend and PostgreSQL - Configure via a YAML config file specifying allowed origins, SMTP settings, and OAuth providers - Set JWT secret and token lifetimes through environment variables - Add social login providers (Google, Apple, GitHub) by registering OAuth credentials in config - Helm chart available for Kubernetes deployments with Ingress support ## Key Features - Passkey-first design with full FIDO2/WebAuthn certification compliance - Drop-in web components (, ) that work with any framework - Built-in email passcode flow for devices that do not support passkeys yet - Session management with JWT issuance and configurable expiration policies - Multi-tenant support for SaaS applications serving multiple organizations ## Comparison with Similar Tools - **Auth0** — Managed SaaS with broad integrations but no self-host option and usage-based pricing - **Clerk** — Developer-friendly hosted auth; closed source and not self-hostable - **Authentik** — Self-hosted IdP focused on SSO and directory services rather than passkeys - **Keycloak** — Full-featured Java-based IdP; heavier footprint and steeper learning curve - **SuperTokens** — Open-source session management with password focus; passkey support is newer ## FAQ **Q: Can I use Hanko with React, Vue, or any frontend framework?** A: Yes. Hanko ships framework-agnostic web components that work in React, Vue, Svelte, Angular, and plain HTML. Framework-specific wrappers are also available. **Q: What happens if a user's device does not support passkeys?** A: Hanko falls back to email passcodes or traditional passwords, depending on your configuration. Users can register passkeys later from a supported device. **Q: Does Hanko replace my entire auth system?** A: Hanko handles authentication (login and registration). Authorization (roles, permissions) is left to your application or a separate authorization service. **Q: Is Hanko FIDO2 certified?** A: Hanko implements the WebAuthn Level 2 server specification and is compatible with all FIDO2-certified authenticators including platform authenticators (Touch ID, Windows Hello) and security keys. ## Sources - https://github.com/teamhanko/hanko - https://docs.hanko.io/ --- Source: https://tokrepo.com/en/workflows/cdc43eb2-3f0f-11f1-9bc6-00163e2b0d79 Author: AI Open Source