Skip to content

Add Hanko SSO authentication support#490

Closed
hg1g wants to merge 106 commits intodevelopfrom
login_hanko_code
Closed

Add Hanko SSO authentication support#490
hg1g wants to merge 106 commits intodevelopfrom
login_hanko_code

Conversation

@hg1g
Copy link
Copy Markdown
Collaborator

@hg1g hg1g commented Mar 9, 2026
edited
Loading

Summary

  • Add Hanko SSO authentication as an alternative to legacy OSM OAuth
  • Integrate hotosm_auth_django package for authentication middleware
  • Add onboarding flow for new users and legacy user migration
  • Update frontend with @hotosm/hanko-auth web component

Environment Variables

When deploying with Hanko auth, set these env vars:

AUTH_PROVIDER=hanko
HANKO_API_URL=https://login.hotosm.org  # or dev.login.hotosm.org for dev
COOKIE_SECRET=<32-byte-secret>
COOKIE_DOMAIN=.hotosm.org
COOKIE_SECURE=true
LOGIN_URL=https://login.hotosm.org
OSM_REDIRECT_URI=https://login.hotosm.org/api/auth/osm/callback
ADMIN_EMAILS=<comma-separated-emails>

For secret values (COOKIE_SECRET, etc.), contact me on Slack.

After Merge

Run migrations to create the hanko_user_mappings table:

uv run python manage.py migrate

Running Tests

To run the Hanko auth and onboarding tests:

cd backend
uv run python manage.py test tests.test_hanko_auth tests.test_onboarding -v 2

Or run all tests:

cd backend
uv run coverage run manage.py test tests

Test plan

  • Run test_hanko_auth.py tests
  • Run test_onboarding.py tests
  • Test login flow with Hanko SSO on fair-dev
  • Test new user onboarding
  • Test existing user (legacy) onboarding with OSM account recovery
  • Verify user mappings are created correctly

Note: Docker/deployment changes are in a separate PR.

hg1g added 30 commits December 1, 2025 18:33
@hg1g
Add Hanko SSO integration
06dbf1d
@hg1g
Show user profile menu with auth component
fb13a0c
@hg1g
Add auth-libs dist
7dcc9bb
@hg1g
Update auth-libs to 0.1.1
4c02555
@hg1g
Fix SSO session verification loop
726005a
@hg1g
Merge branch 'develop' of github.com:hotosm/fAIr into login_hanko
a0ecedb
@hg1g
Add prod frontend build with Hanko support
e2218f5
@hg1g
Add test environment docker compose
d77215f
@hg1g
Add deploy workflow for login-hanko branch
2da3581
@hg1g
Add module declaration for auth-libs
9f5169c
@hg1g
Use @AuthLibs alias for auth-libs imports
dc3c2c5
@hg1g
Fix JSX type declaration for hotosm-auth
96f362e
@hg1g
Move JSX types to vite-env.d.ts
59b3ed0
@hg1g
Fix SECRET_KEY env var name
be1517f
@hg1g
Enable DEBUG mode for test environment
805d2b1
@hg1g
Fix migrations env vars
d4fb08c
@hg1g
Add shared COOKIE_SECRET for OSM auth
5664ded
@hg1g
Disable passkey on hanko.
e8d6ff0
@hg1g
Update auth-libs dist
1667f33
@hg1g
Fix auth component re-renders
661687d
@hg1g
Add singleton state for auth component
59fe27f
@hg1g
Revert singleton state pattern
c089fbc
@hg1g
Restore styling changes
8e30aa6
@hg1g
Skip init for hidden auth components
aec1889
@hg1g
Fix auth component flicker with primary/secondary pattern
1a7b562
@hg1g
Update auth-libs web component
68f6827
@hg1g
Fix React prop timing - use firstUpdated
2767e3b
@hg1g
Add admin mappings endpoint
1c8db0b
@hg1g
Update uv.lock
0145581
@hg1g
Add auth-libs wheel to dist
a2b2777
warmijusti and others added 28 commits February 10, 2026 11:59
@warmijusti
add tool menu and fix elements on navbar
acbe672
@hg1g
Update hotosm-auth to 0.2.9
7844916
@hg1g
Update hanko-auth to 0.4.5
a49e5ec
@warmijusti
navbar styling and update npm components
7204bfd
@warmijusti
update version on lock file
f3b7c4b
@hg1g
fix merge conflict.
1892861
@hg1g
Merge branch 'develop' of github.com:hotosm/fAIr into login_hanko
46882fd
@hg1g
Merge branch 'develop' of github.com:hotosm/fAIr into login_hanko
844b966
@warmijusti
update package version
b4657a3
@hg1g
Merge branch 'develop' of github.com:hotosm/fAIr into login_hanko
e4fbdd8
@hg1g
Merge branch 'login_hanko' of github.com:hotosm/fAIr into login_hanko
c79b882
@hg1g
Clean up code and update env examples
10b55b1
@hg1g
Simplify auth module comments
7692ceb
@hg1g
Add tests for Hanko authentication
f834f55
@hg1g
Update hanko-auth to 0.4.8
05f16b0
@hg1g
Update lockfile for hanko-auth 0.4.8
399bac0
@hg1g
Merge branch 'develop' of github.com:hotosm/fAIr into login_hanko
d908eb7
@hg1g
Fix hotosm-auth extras: use django instead of fastapi
5aae731
@hg1g
Update hanko-auth to 0.4.9
973fad8
@hg1g
Add onboarding tests and clean up auth code
5470b8c
@warmijusti
add hotosm-auth-user to localStorage
58fb658
@hg1g
Update auth-libs and add Hanko env vars
b4bd2ea
@hg1g
Update hanko-auth to 0.5.0
f3e51ea
@hg1g
Update hanko-auth to 0.5.1
532052e
@hg1g
Merge develop into login_hanko
d0a879d
@hg1g
Update @hotosm/hanko-auth to 0.5.2
9cc5ed7
@hg1g
Format code with prettier
d2e9a3c
@hg1g
Revert deploy files to develop version (deploy changes in separate PR)
e280796
@hg1g hg1g closed this Mar 9, 2026
@hg1g hg1g deleted the login_hanko_code branch March 9, 2026 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hg1g @warmijusti