Hanko Backend Integration Guide:
About Hanko:
Hanko is a modern open source authentication solution and the fastest way to integrate passkeys, 2FA, SSO, and more—with full control over your data. Move between self-hosted and Hanko Cloud anytime. No lock-in. Just Auth how it should be: secure, user friendly, and fully yours.
What This Guide Covers:
This guide demonstrates how to validate Hanko session tokens in your backend application. You’ll learn to implement session validation, create middleware for protecting endpoints, and authenticate requests using Hanko’s session management APIs.
Key Technologies:
Server-side programming language
HTTP client libraries
Middleware frameworks
JSON handling
Hanko session validation API
Prerequisites:
Knowledge of your chosen backend language and framework
Hanko Cloud account (sign up at cloud.hanko.io)
Frontend application with Hanko authentication
Integration Tasks You’ll Complete:
Set up Hanko API URL configuration from environment variables
Implement session token validation using proper data structures
Create reusable middleware or utilities for protecting API endpoints
Handle session validation responses, errors, and edge cases
Extract session tokens from HTTP cookies securely
Build authentication utilities that integrate with your application architecture
Implement comprehensive error handling and logging for production use
After successful authentication, Hanko generates a session token that is stored as a cookie. Use the session token to authenticate requests to your backend. This guide shows how to implement session token validation in Python to ensure that only authenticated users can access your application’s protected resources.
The following function validates session tokens against the Hanko backend. The implementation for retrieving the session token cookie will vary depending on your framework.
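```python
import os
from typing import Optional, Tuple

import requests

# Hanko API URL from the environment (variable name assumed to match the constant)
HANKO_API_URL = os.environ["HANKO_API_URL"]


def validate_session_token(token: str) -> Tuple[bool, Optional[str]]:
    """
    Validates a session token with the Hanko API.
    Returns a tuple of (is_valid: bool, error_message: Optional[str])
    """
    try:
        response = requests.post(
            f"{HANKO_API_URL}/sessions/validate",
            json={"session_token": token},
            # Example value; without a timeout, requests can block indefinitely
            # and the requests.Timeout handler below would never run.
            timeout=5,
        )

        # Any non-200 response is treated as a failed validation
        if response.status_code != 200:
            return False, "Invalid token"

        # A missing is_valid field defaults to False, so the check fails closed
        validation_data = response.json()
        if not validation_data.get("is_valid", False):
            return False, "Invalid token"

        return True, None

    except requests.Timeout:
        return False, "Authentication service timeout"
    except requests.RequestException:
        return False, "Authentication service unavailable"
```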
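One framework-neutral way to wire the validator into request handling, shown as an added example that is not part of the Hanko guide: a WSGI middleware that reads the session cookie and fails closed. The cookie name `hanko`, the names `extract_session_token` and `HankoSessionMiddleware`, and the 503 mapping for the guide's "Authentication service ..." errors are assumptions; pass in any validator with the same return shape as `validate_session_token`.

```python
from http.cookies import CookieError, SimpleCookie
from typing import Callable, Optional, Tuple

COOKIE_NAME = "hanko"  # assumption: name of the cookie holding the session token
Validator = Callable[[str], Tuple[bool, Optional[str]]]


def extract_session_token(cookie_header: str) -> Optional[str]:
    """Return the session token from a raw Cookie header, or None."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None  # malformed header: treat the request as unauthenticated
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel and morsel.value else None


class HankoSessionMiddleware:
    """Hypothetical WSGI wrapper: deny unless the validator accepts the token."""

    def __init__(self, app, validate: Validator):
        self.app = app
        self.validate = validate

    def __call__(self, environ, start_response):
        token = extract_session_token(environ.get("HTTP_COOKIE", ""))
        if token is None:
            return self._reject(start_response, "401 Unauthorized", "Missing session token")
        is_valid, error = self.validate(token)
        if not is_valid:
            # "Bad token" and "could not check" are reported differently; both deny.
            outage = error is not None and error.startswith("Authentication service")
            status = "503 Service Unavailable" if outage else "401 Unauthorized"
            return self._reject(start_response, status, error or "Invalid token")
        return self.app(environ, start_response)

    @staticmethod
    def _reject(start_response, status, message):
        body = message.encode("utf-8")
        start_response(status, [("Content-Type", "text/plain; charset=utf-8"),
                                ("Content-Length", str(len(body)))])
        return [body]
```

Wrap any WSGI application with `HankoSessionMiddleware(app, validate_session_token)`; a validator outage never falls through to the protected handler.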