About Hanko: Hanko is a privacy-first authentication and user management provider that offers customizable, open-source authentication solutions focused on the passkey era. It provides both hosted cloud services and self-hosted options, supporting flexible login methods including passkeys, passwords, OAuth providers, and email passcodes.

What This Guide Covers: This guide demonstrates how to validate Hanko session tokens in your backend application. You’ll learn to implement session validation, create middleware for protecting endpoints, and authenticate requests using Hanko’s session management APIs.

Key Technologies: Server-side programming language, HTTP client libraries, middleware frameworks, JSON handling, and Hanko session validation API

Prerequisites: Knowledge of your chosen backend language and frameworks, Hanko Cloud account (free at cloud.hanko.io), frontend application with Hanko authentication

Integration Tasks You’ll Complete:
Set up Hanko API URL configuration from environment variables
Implement session token validation using proper data structures
Create reusable middleware or utilities for protecting API endpoints
Handle session validation responses, errors, and edge cases
Extract session tokens from HTTP cookies securely
Build authentication utilities that integrate with your application architecture
Implement comprehensive error handling and logging for production use
After successful authentication, Hanko generates a session token that is stored as a cookie. Use the session token to authenticate requests to your backend. This guide shows how to implement session token validation in Python to ensure that only authenticated users can access your application’s protected resources.
The following function validates session tokens against the Hanko backend. The implementation for retrieving the session token cookie will vary depending on your framework.
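```python
import os
from typing import Optional, Tuple

import requests

# Base URL of your Hanko API, read from the environment at startup.
# The variable name HANKO_API_URL is assumed here; a missing value fails fast.
HANKO_API_URL = os.environ["HANKO_API_URL"].rstrip("/")


def validate_session_token(token: str) -> Tuple[bool, Optional[str]]:
    """
    Validates a session token with the Hanko API.
    Returns a tuple of (is_valid: bool, error_message: Optional[str])
    """
    try:
        response = requests.post(
            f"{HANKO_API_URL}/sessions/validate",
            json={"session_token": token},
            timeout=5,  # without a timeout, requests can block indefinitely
        )

        # Any non-200 response is treated as an invalid session (fail closed).
        if response.status_code != 200:
            return False, "Invalid token"

        validation_data = response.json()
        if not validation_data.get("is_valid", False):
            return False, "Invalid token"

        return True, None

    except requests.Timeout:
        return False, "Authentication service timeout"
    except requests.RequestException:
        return False, "Authentication service unavailable"
```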
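The cookie extraction and endpoint protection steps listed above can be written once as framework-independent WSGI middleware. The following is an added example, not code from the Hanko documentation: the cookie name `hanko`, the length limit, and the names `extract_session_token` and `HankoSessionMiddleware` are assumptions, and `validate` is expected to be a function with the same return shape as `validate_session_token`.

```python
from http.cookies import CookieError, SimpleCookie
from typing import Callable, Iterable, Optional, Tuple

COOKIE_NAME = "hanko"  # assumption: name of the session cookie set by the frontend
MAX_TOKEN_LEN = 4096   # assumption: drop oversized values before any network call
Validator = Callable[[str], Tuple[bool, Optional[str]]]


def extract_session_token(cookie_header: Optional[str]) -> Optional[str]:
    """Return the session token from a raw Cookie header, or None if unusable."""
    if not cookie_header:
        return None
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None  # malformed header is treated as unauthenticated
    morsel = jar.get(COOKIE_NAME)
    token = morsel.value.strip() if morsel is not None else ""
    if not token or len(token) > MAX_TOKEN_LEN:
        return None
    return token


class HankoSessionMiddleware:
    """Fails closed: the wrapped app runs only for public paths or valid sessions."""

    def __init__(self, app, validate: Validator, public_paths: Iterable[str] = ()):
        self.app = app
        self.validate = validate
        self.public_paths = frozenset(public_paths)

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "") in self.public_paths:
            return self.app(environ, start_response)
        token = extract_session_token(environ.get("HTTP_COOKIE"))
        # The validator is only called when a plausible token is present.
        if token is None or not self.validate(token)[0]:
            body = b"Unauthorized"  # fixed body: no detail about why it failed
            start_response("401 Unauthorized", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)
```

Wrap any WSGI application with `HankoSessionMiddleware(app, validate_session_token, public_paths=[...])`; the validator's error string is available for server-side logging but is deliberately not echoed to the client.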