Hanko (Passkey Auth) MCP. Manage passwordless logins and user identity.

Q: How do I start a passkey login using the passkeylogininit tool?

You call passkeylogininit first; it returns the public key options necessary for your client to begin the WebAuthn process. You then use those options in your frontend, and finally call passkeyloginfinalize upon success.

Q: Can I check if a user's session token is valid with Hanko (Passkey Auth) MCP?

Yes, you run publicvalidatesession. This tool checks the validity of a provided session token against your configured keys, giving you immediate confirmation that access rights are active.

Q: How do I delete a user's passkey using the passkeydeletecredential tool?

You use passkeydeletecredential and provide the specific credential ID. This ensures the key is removed from the system, preventing unauthorized access through that device.

Q: Which tool should I use to create a new user in Hanko?

Use admincreateuser. After creating them with this tool, you must follow up by using the passkey tools to set up their initial credential registration.

Q: What sequence must I follow to process a signed payment using the passkeytransactioninit and passkeytransactionfinalize tools?

You start by calling passkeytransactioninit to set up all required parameters for the transaction. Then, you use passkeytransactionfinalize to complete the signature-backed action.

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Just plug in your AI agents and start using Vinkius.

Hanko (Passkey Auth) manages passwordless user identity and credentials using WebAuthn standards. Initialize passkey registrations, finalize secure logins, manage stored keys, or sign sensitive transactions—all from one place.

What your AI agents can do

Admin create user

Creates a brand new user record using the administrative API tools.

Admin get user

Retrieves all details for an existing user by their unique ID.

Admin list user credentials

Lists every WebAuthn credential attached to a specified user account.

+ 12 more capabilities included

Initiate Passkey Registration

Generates the necessary options to start the process of linking a new passkey to a user account.

Finalize User Login Flow

Completes a secure sign-in when a user successfully authenticates with their registered passkey.

Manage Credentials

Allows you to list or delete WebAuthn credentials attached to specific users for security auditing.

Perform Signed Transactions

Initializes and finalizes a passkey signature, guaranteeing that the transaction originated from an authenticated user.

Validate System Sessions

Retrieves JSON Web Key Sets (JWKS) or validates existing session tokens to confirm access rights.

Ask AI about this MCP

Supported MCP Clients

OAuth 2.0 Compatible

Claude

ChatGPT

Cursor

Gemini

VS Code

JetBrains

Vercel

Zendesk

+ other MCP clients

Included with Plan

Waiting for input…

AI Agent

Hanko (Passkey Auth) with 15 Tools

These tools give your agent the power to execute every step of complex identity management, from creating users to signing transactions.

Make your AI actually useful.

public validate session

Validates whether a provided Hanko session token is legitimate and still active.

Choose How to Get Started

Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.

Build Your Own

Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.

Import from OpenAPI, Swagger, or YAML specs
Create Agent Skills with progressive disclosure
Deploy to edge with MCPFusion framework
Built in DLP, auth, and compliance on every call
Real time usage dashboard and cost metering
Publish to catalog or keep private

Start building

Make Your AI Do More

Start with Hanko (Passkey Auth), then connect any of our 4,900+ other servers whenever your AI needs more. One click, no limits.

Use this MCP plus 4,900+ others, all in one place
Add new capabilities to your AI anytime you want
Every connection is secured and compliant automatically
Track usage and costs across all your servers
Works with Claude, ChatGPT, Cursor, and more
New servers added to the catalog every week

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Hanko. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

VINKIUS INFRASTRUCTURE

Cloud Hosted

Managed infra

V8 Isolated

Sandboxed per request

Zero-Trust Proxy

No stored credentials

DLP Enforced

Policy on every call

GDPR Compliant

EU data residency

Token Compression

~60% cost reduction

Your data is protected. See how we built it.

Works with Claude, ChatGPT, Cursor, and more

The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.

This server provides 15 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.

Managing user access feels like a guessing game today.

Right now, building secure identity features means juggling multiple APIs. You have to handle key generation options in one endpoint, then manage the final confirmation in another. If you mess up the sequence, or if the client-side logic changes, your entire login flow breaks.

With this MCP, that whole multi-step, error-prone process gets condensed into simple function calls. Your agent handles the complexity of WebAuthn flows; you just call `passkey_login_init` and then `passkey_login_finalize`. You get a reliable, fully compliant authentication path every time.

The Hanko (Passkey Auth) MCP provides complete credential lifecycle control.

Before this, auditing credentials meant running several separate reports and manually cross-referencing user IDs with their registered devices. If you needed to know *which* keys were attached to a specific user, it was tedious work.

Now, simply calling `admin_list_user_credentials` gives your agent an immediate, structured list of every credential tied to that account. It’s instant auditing and management.

Support 24/7 support@vinkius.com ↗

Security Vinkius Trust Center ↗

SLA Service Level Agreement ↗

Report Listing Send Report ↗

What you can do with this MCP connector

This MCP lets you build authentication flows that don't rely on passwords. You get a centralized way to handle the whole lifecycle of user identity. Instead of managing complex backend logic for key exchange and session validation, your agent calls simple tools here. It handles everything from getting initial credentials ready for registration to finalizing a high-value transaction using passkeys.

When you connect this MCP through Vinkius, your AI client can execute these advanced security flows just by reading natural language requests. You can audit user access history and manage credentials without writing boilerplate WebAuthn code yourself. It’s about getting past the password screen reliably, whether it's for a simple sign-in or authorizing a payment.

Built · Hosted · Managed by Vinkius Hanko (Passkey Auth) MCP - Manage Passkeys Server ID 019e38a5-932d-701a-a482-b0cecd8628d0

Vinkius Inspector

Compliance Grade F

Score 3.6/100

Report View Report ↗

How Hanko (Passkey Auth) MCP Works

1 Subscribe to this MCP and supply your Hanko Tenant ID and API key.
2 Your agent calls an initialization tool, like passkey_login_init, which returns the necessary public key options for your client.
3 Use those returned options in your frontend code; once the user confirms their passkey, call a finalization tool (e.g., passkey_login_finalize) to complete the process.

The bottom line is you get reliable, structured access to complex authentication steps without writing the underlying protocol logic yourself.

Who Is Hanko (Passkey Auth) MCP For?

Security engineers and backend developers who are sick of handling brittle password flows. If your product touches user identity or financial transactions, this is what you need.

Authentication Engineer

Building the login pipeline; they use this to ensure every flow—login, registration, transaction signing—adheres strictly to WebAuthn standards.

DevOps Specialist

Setting up user lifecycle hooks; they can run admin_list_users and audit credentials using the admin tools for compliance checks.

Product Architect

Simulating new features; they use this MCP to verify if their proposed passkey onboarding flow works before writing a single line of backend code.

What Changes When You Connect

You eliminate the need for complex, custom key management code. Simply calling passkey_login_init gets you all the options needed to start a secure login flow immediately.
Security audits become simple. Instead of manually checking databases, your agent can run admin_list_user_credentials or passkey_list_credentials to verify exactly what credentials are attached to an account.
Handling financial operations is safer. By using the transaction tools—first calling passkey_transaction_init, then passkey_transaction_finalize—you guarantee the signer actually owns the associated passkey for that user.
Onboarding flows accelerate because you don't have to manually stitch together multiple APIs. You can run a sequence of calls, like initiating and then finalizing registration, all through your agent.
Session handling is streamlined too. Use public_validate_session or fetch the keys with public_get_jwks to confirm token integrity without guesswork.

Real-World Use Cases

Onboarding a New Enterprise Client

A product manager needs to onboard 50 new users. Instead of manually calling the user creation endpoint repeatedly, they ask their agent to run admin_list_users first (to check for conflicts), then loop through and call passkey_registration_init followed by passkey_registration_finalize for each one. This automates identity setup.

Auditing a Suspicious Account

The security team suspects credential compromise. They use the agent to call admin_get_user to verify the user exists, and then immediately call admin_list_user_credentials to get a list of every associated WebAuthn device ID, allowing them to check for unauthorized keys.

Processing a High-Value Payment

A customer wants to pay $500. The system doesn't trust the session token alone; it requires explicit proof of identity. The agent calls passkey_transaction_init, waits for confirmation, and then calls passkey_transaction_finalize to confirm the user signed off on the payment.

Verifying API Token Integrity

An external service tries to access protected data using a session token. Instead of trusting the header, the agent uses public_validate_session and fetches keys via public_get_jwks. This confirms that the token is current and valid against your public key set.

The Tradeoffs

Assuming a simple username/password lookup works.

The developer writes code to look up a user by email and then assumes they can grant access simply because the record exists, ignoring modern security requirements.

→ You must use the dedicated authentication tools. First, initiate the flow with passkey_login_init. Then, once the key is confirmed on the client side, finalize it using passkey_login_finalize to prove identity.

Bypassing credential management.

An admin manually deletes a user record without first listing or revoking their associated passkeys, leaving orphaned credentials in the system.

→ Always check credentials first. Use admin_list_user_credentials to list what's attached before you delete anything, and use passkey_delete_credential if revocation is necessary.

Using general API calls for identity.

Calling a generic user creation tool like admin_create_user but forgetting to follow up with the mandatory passkey registration steps, leaving an unauthenticated shell account.

→ Creating a user is step one. Immediately follow up by calling passkey_registration_init and then completing it with passkey_registration_finalize so they are secure from day one.

When It Fits, When It Doesn't

Use this MCP if your product's core function requires passwordless authentication, especially for high-stakes actions like payments or onboarding. If you need to manage the entire WebAuthn lifecycle—from initial key creation through session validation and transaction signing—you need these tools. Don't use it if all you need is a basic user lookup; then admin_get_user works fine, but you miss out on the critical security layers for login and transactions.

If your process involves any form of financial confirmation or requires proof that the user owns the device signing the request, these tools are mandatory. If your architecture already handles passkeys perfectly from scratch and doesn't need administrative auditing (like listing all credentials), you might skip it—but even then, using the public_validate_session tool is good practice.

Common Questions About Hanko (Passkey Auth) MCP

How do I start a passkey login using the passkey_login_init tool? +

You call passkey_login_init first; it returns the public key options necessary for your client to begin the WebAuthn process. You then use those options in your frontend, and finally call passkey_login_finalize upon success.

Can I check if a user's session token is valid with Hanko (Passkey Auth) MCP? +

Yes, you run public_validate_session. This tool checks the validity of a provided session token against your configured keys, giving you immediate confirmation that access rights are active.

How do I delete a user's passkey using the passkey_delete_credential tool? +

You use passkey_delete_credential and provide the specific credential ID. This ensures the key is removed from the system, preventing unauthorized access through that device.

Which tool should I use to create a new user in Hanko? +

Use admin_create_user. After creating them with this tool, you must follow up by using the passkey tools to set up their initial credential registration.

How do I audit all WebAuthn credentials for a user using the admin_list_user_credentials tool? +

It generates a complete list of every credential associated with that specific user ID. You can use this to quickly audit or verify which passkeys are currently active on an account before making changes.

What sequence must I follow to process a signed payment using the passkey_transaction_init and passkey_transaction_finalize tools? +

You start by calling passkey_transaction_init to set up all required parameters for the transaction. Then, you use passkey_transaction_finalize to complete the signature-backed action.

How do I initiate a new passkey registration flow using passkey_registration_init? +

This tool returns the necessary public key options required for client-side credential creation. Your AI agent uses these options to call navigator.credentials.create(), finishing the registration process on your frontend.

When should I use the flow_execute tool for advanced identity management tasks? +

Use this when your authentication needs involve complex, multi-step business logic that doesn't fit standard flows. It lets you run pre-defined Hanko Flow actions directly through your agent.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript