Hanko: Open Source Alternative to Clerk
Passkey-first auth platform — SSO, MFA, and web components without vendor lock-in.
Hanko: Open Source Passkey Authentication Alternative to Clerk
Hanko is an open-source, passkey-first authentication platform for modern web applications. It helps developers add secure login, passkeys, MFA, SSO, user management, and session handling without being locked into a proprietary identity provider.
Hanko is often used as an alternative to Clerk, Auth0, Firebase Auth, and Better Auth by teams that want passkey-first authentication, self-hosting, privacy-first architecture, web components, SDKs, and more control over user identity data.
What is Hanko?
Hanko is an authentication and user management platform built around passkeys, WebAuthn, and privacy-first principles. It provides a complete authentication backend, pre-built UI components, frontend SDKs, and deployment options for both self-hosted infrastructure and Hanko Cloud.
It is especially useful for:
- SaaS applications
- developer tools
- B2B and B2C web apps
- privacy-focused products
- teams moving toward passwordless authentication
- applications that need passkeys, MFA, SSO, and user profile management
- teams that want to avoid authentication vendor lock-in
Key features
Passkey-first authentication
- Passkeys and WebAuthn support
- Passwordless authentication
- Phishing-resistant login flows
- Email passcodes
- Password-based login when needed
- Magic links
- Device and session management
MFA and SSO
- Multi-factor authentication
- TOTP support
- Security keys
- OAuth SSO with providers like Google, GitHub, Apple, and custom OIDC providers
- SAML Enterprise SSO
- Remote session revocation
- JWT issuing
Developer experience
- Hanko Elements drop-in web components
<hanko-auth>authentication component- Frontend SDK for custom UIs
- Framework examples for React, Next.js, and other modern stacks
- Webhooks
- Server-side session management
- API-first authentication flows
- i18n and custom translations
Deployment and data control
- Self-hosted deployment
- Hanko Cloud managed service
- Single Go binary
- Docker Compose support
- PostgreSQL database
- Redis support
- Full control over user data when self-hosted
- Migration path between self-hosted Hanko and Hanko Cloud
Hanko vs Clerk
| Feature | Hanko | Clerk |
|---|---|---|
| Main use case | Open-source passkey-first authentication | Managed developer-first authentication SaaS |
| License | AGPL-3.0 backend; MIT SDK and Elements | Proprietary |
| Deployment | Self-hosted or Hanko Cloud | Managed cloud SaaS |
| Passkeys | Passkey-first authentication | Passkey support depending on product setup |
| SSO | OAuth, OIDC, and SAML Enterprise SSO | OAuth, SSO, and enterprise features depending on plan |
| UI components | Hanko Elements web components and SDK | Pre-built components and SDKs |
| Data control | High control when self-hosted | Vendor-hosted infrastructure |
| Best for | Teams wanting open-source auth, passkeys, and self-hosting | Teams wanting managed auth with minimal infrastructure work |
| Cost model | Open-source software; infrastructure or optional Hanko Cloud costs apply | Subscription-based SaaS pricing |
Choose Hanko if you want open-source authentication, passkey-first login, self-hosting, and more control over user identity data.
Choose Clerk if you want a fully managed proprietary authentication platform with polished developer experience and minimal operational setup.
Hanko vs Auth0
Hanko and Auth0 both help teams add authentication and user management, but they target different priorities.
Auth0 is a mature proprietary identity platform with broad enterprise IAM and CIAM capabilities. Hanko is a better fit if you want an open-source, passkey-first, privacy-focused authentication system that can be self-hosted.
| Feature | Hanko | Auth0 |
|---|---|---|
| Main use case | Passkey-first authentication and user management | Enterprise identity and access management |
| License | Open source backend and SDK components | Proprietary |
| Deployment | Self-hosted or Hanko Cloud | Managed cloud SaaS |
| Passkeys | Core product focus | Supported depending on configuration |
| Enterprise IAM | SAML SSO and MFA support | Broad enterprise IAM and CIAM features |
| Data control | High when self-hosted | Managed by Auth0 |
| Best for | Teams prioritizing passkeys, privacy, and ownership | Enterprises needing a mature managed identity platform |
Hanko vs Firebase Auth
Firebase Auth is a good option for developers already using the Firebase ecosystem. It provides managed authentication with minimal setup.
Hanko is more relevant if you want passkey-first authentication, self-hosting, source code access, privacy-first architecture, and more control over your user identity infrastructure.
| Feature | Hanko | Firebase Auth |
|---|---|---|
| Main use case | Open-source authentication and passkeys | Managed authentication for Firebase apps |
| Deployment | Self-hosted or Hanko Cloud | Managed Google/Firebase service |
| Passkeys | Core product focus | Not the main product focus |
| Data control | High when self-hosted | Managed by Google infrastructure |
| Best for | Teams wanting self-hosted, privacy-first auth | Teams already building on Firebase |
Hanko vs Better Auth
Better Auth is a developer-first authentication framework. Hanko is a complete authentication platform with backend services, passkeys, web components, SDKs, SSO, MFA, and self-hosting options.
Choose Better Auth if you want a flexible authentication library or framework to integrate directly into your application stack.
Choose Hanko if you want a complete passkey-first authentication platform with ready-to-use UI components, backend services, and deployment options.
At a glance
| Attribute | Details |
|---|---|
| License | AGPL-3.0 backend; MIT SDK and Elements |
| Category | Security / Authentication |
| Main users | Developers, SaaS teams, privacy-focused products |
| Focus | Passkeys, WebAuthn, passwordless authentication, SSO, MFA |
| Deployment | Self-hosted or Hanko Cloud |
| Self-hosted | Yes |
| Stack | Go, TypeScript, React, PostgreSQL, Redis |
| UI | Hanko Elements web components and frontend SDK |
| Alternatives | Clerk, Auth0, Firebase Auth, Better Auth |
Self-hosting
Hanko can be self-hosted by teams that want more control over authentication infrastructure, user data, and deployment.
A typical self-hosted Hanko setup may include:
- Hanko backend
- Single Go binary or Docker Compose deployment
- PostgreSQL
- Redis
- OAuth / OIDC provider configuration
- SAML configuration for enterprise SSO if needed
- Email provider configuration
- Reverse proxy and HTTPS
- Monitoring, logs, backups, and database migrations
Self-hosting is a good fit for teams that need data ownership, privacy, compliance, or control over authentication infrastructure.
Hanko Cloud is a better fit if you want managed authentication without operating your own infrastructure.
FAQ
Is Hanko a Clerk alternative?
Yes. Hanko is an open-source alternative to Clerk for authentication, passkeys, SSO, MFA, user management, and session handling. It is especially relevant if you want passkey-first authentication and self-hosting.
What is the difference between Hanko and Clerk?
Hanko is open source and can be self-hosted, while Clerk is a proprietary managed SaaS. Hanko focuses strongly on passkeys, privacy, and data control. Clerk focuses on a polished managed developer experience with minimal setup.
Is Hanko an Auth0 alternative?
Yes. Hanko can be used as an Auth0 alternative for teams that need authentication, SSO, MFA, and user management. Auth0 is broader and more enterprise-oriented, while Hanko is more focused on passkey-first authentication, privacy, and self-hosting.
Can Hanko be self-hosted?
Yes. Hanko can be self-hosted using Docker Compose or a bare-metal deployment. Self-hosting gives teams more control over user data, infrastructure, authentication flows, and deployment.
Does Hanko support passkeys?
Yes. Hanko is built around passkeys and WebAuthn. It supports phishing-resistant passwordless authentication flows for modern web applications.
Does Hanko support SSO?
Yes. Hanko supports OAuth SSO with providers like Google, GitHub, Apple, and custom OIDC providers. It also supports SAML Enterprise SSO.
Does Hanko support MFA?
Yes. Hanko supports multi-factor authentication, including TOTP and security keys.
Is Hanko better than Firebase Auth?
Hanko is better if you want passkey-first authentication, self-hosting, privacy-first architecture, and source code access. Firebase Auth is better if you are already using Firebase and want a managed authentication service with minimal setup.
What is the difference between Hanko and Better Auth?
Better Auth is a developer-first authentication framework. Hanko is a complete authentication platform with passkeys, backend services, web components, SDKs, MFA, SSO, and self-hosting options.
Is Hanko suitable for production?
Yes. Hanko can be used in production. For production self-hosting, teams should plan for PostgreSQL, Redis, HTTPS, email provider configuration, SSO configuration, logs, monitoring, backups, and database migration strategy.
Screenshots
