Modules
Each module is shippable on its own and composes with the rest. Provider-agnostic core, narrow adapters, no telemetry.
2
Protocols hardened (SAML, OIDC)
0
Telemetry endpoints
1
IdP session for SAML + OIDC
MIT
License everywhere
One IdP session for SAML and OIDC
Dual-protocol IdP written in Go: SAML AuthnRequest handling with ACS pinned to SP config, full OIDC authorization-code flow with JWKS, and a single signed idp_session cookie that bridges both protocols. Hanko provides credentials in the PoC; MVP swaps in Supabase or your own Postgres via the SSO SPI.
Hosted login UI, served from your origin
Implements Renderer (RenderLogin / RenderLogout / RenderError) and ships static assets via StaticFS(). Branding, FlowConfig and FeatureFlags come from the host app; AuthKit itself never imports a credential backend, so the same UI works against Hanko today and other providers tomorrow.
One core, many adapters — start with Hanko
The browser SDK core that AuthKit ships through SDKScript. A single TypeScript core handles flow orchestration; adapters bind it to a specific credential backend (Hanko first), so adding a new provider does not mean rewriting the UI or the IdP.
Hanko, ready for Auth Fly out of the box
Hanko Docker image and config tuned for the Auth Fly IdP: JWT + JWKS for browser sessions, cookie-bound tokens, and CORS aligned with the IdP origin. Implements core.CredentialVerifier so the rest of the stack stays provider-agnostic.
Replaced Hanko Elements end-to-end
UI8Kit is the component layer behind AuthKit: forms, fields, buttons, error states and the auth flow widgets. Bundled as a single ui8kit.js served from /static — no CDN dependency, no third-party JS in the login page.