Hanzo IAM
Identity and Access Management for the Hanzo AI Platform
Hanzo IAM (Identity and Access Management) provides unified authentication and authorization across all Hanzo services. Built on Casdoor, it supports OAuth2, OIDC, SAML, Web3, and MPC authentication.
Features
- OAuth2/OIDC: Standard OpenID Connect flows
- Web3 Authentication: MetaMask, WalletConnect, Coinbase, Rainbow
- MPC Authentication: Multi-party computation for secure key recovery
- Multi-tenancy: Organizations, applications, and user isolation
- SSO: Single sign-on across all Hanzo services
- RBAC: Role-based access control
- MFA: TOTP, WebAuthn, SMS, Email verification
Endpoints
| Environment | URL |
|---|---|
| Production | https://iam.hanzo.ai |
| Staging | https://stg.iam.hanzo.ai |
Quick Start
Register Your Application
Create an application in Hanzo IAM to get client credentials:
```bash
curl -X POST https://iam.hanzo.ai/api/add-application \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "owner": "admin",
    "name": "my-app",
    "displayName": "My Application",
    "organization": "hanzo",
    "redirectUris": ["https://myapp.com/callback"],
    "enablePassword": true,
    "enableSignUp": true,
    "enableWebAuthn": true
  }'
```
Implement OAuth2 Flow
```javascript
// Redirect to authorization
const authUrl = new URL('https://iam.hanzo.ai/login/oauth/authorize')
authUrl.searchParams.set('client_id', CLIENT_ID)
authUrl.searchParams.set('redirect_uri', REDIRECT_URI)
authUrl.searchParams.set('response_type', 'code')
authUrl.searchParams.set('scope', 'openid profile email')
// state: an unguessable per-login value; keep a copy to compare against the callback.
// generateState() is not defined on this page and must be supplied by your application.
authUrl.searchParams.set('state', generateState())
window.location.href = authUrl.toString()
```
Exchange Code for Token
```javascript
// Run this on your backend: CLIENT_SECRET must never be shipped to browser code.
const response = await fetch('https://iam.hanzo.ai/api/login/oauth/access_token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    grant_type: 'authorization_code',
    client_id: CLIENT_ID,
    client_secret: CLIENT_SECRET,
    code: authorizationCode,
    redirect_uri: REDIRECT_URI // must match the value sent in the authorization request
  })
})
const { access_token, refresh_token, id_token } = await response.json()
```
Get User Info
```javascript
const userInfo = await fetch('https://iam.hanzo.ai/api/userinfo', {
  headers: { 'Authorization': `Bearer ${access_token}` }
}).then(r => r.json())
```
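The authorization redirect in this flow calls generateState() without defining it, and the callback side is not shown. The following is an added example, not code from Hanzo or its SDK: it generates the state, stores it for the session, and rejects a callback whose state does not match before the code is exchanged. The names beginLogin, completeLogin, safeEqual and the oauth_state storage key are assumptions.

```javascript
// Added example; beginLogin, completeLogin, safeEqual, STATE_KEY are assumed names.
// Web Crypto is global in browsers and Node 19+; older Node uses the fallback.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto

const AUTHORIZE_URL = 'https://iam.hanzo.ai/login/oauth/authorize'
const STATE_KEY = 'oauth_state'

// 256 bits from the CSPRNG, hex-encoded so the value is URL-safe.
function generateState() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(32))
  return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('')
}

// String comparison that does not stop at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false
  let diff = 0
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i)
  return diff === 0
}

// Before redirecting: store the state, then build the authorization URL.
// `store` is any object with the sessionStorage interface.
function beginLogin(store, clientId, redirectUri) {
  const state = generateState()
  store.setItem(STATE_KEY, state)
  const url = new URL(AUTHORIZE_URL)
  url.searchParams.set('client_id', clientId)
  url.searchParams.set('redirect_uri', redirectUri)
  url.searchParams.set('response_type', 'code')
  url.searchParams.set('scope', 'openid profile email')
  url.searchParams.set('state', state)
  return url.toString()
}

// On the redirect URI: validate the callback, then return the code.
function completeLogin(store, callbackUrl) {
  const params = new URL(callbackUrl).searchParams
  const expected = store.getItem(STATE_KEY)
  store.removeItem(STATE_KEY) // single use: a replayed callback finds no state
  if (!expected || !safeEqual(params.get('state'), expected)) {
    throw new Error('state mismatch: callback does not belong to this session')
  }
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`)
  const code = params.get('code')
  if (!code) throw new Error('callback carries no authorization code')
  return code // pass to the backend for the token exchange
}
```

In a browser, pass window.sessionStorage as `store` and call completeLogin with window.location.href on the callback page.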
The userInfo object contains sub, name, email, picture, etc.
Organizations
Hanzo IAM supports multi-tenant organizations:
| Organization | Domain | Theme Color |
|---|---|---|
| hanzo | hanzo.ai | #fd4444 (Red) |
| zoo | zoo.ngo | #10b981 (Green) |
| lux | lux.network | #8b5cf6 (Purple) |
| pars | pars.ai | #3b82f6 (Blue) |
Applications
Pre-configured applications:
| Application | Organization | Description |
|---|---|---|
| app-hanzo | hanzo | Main Hanzo AI Platform |
| app-cloud | hanzo | Hanzo Cloud Console |
| app-commerce | hanzo | Hanzo Commerce Platform |
| app-console | hanzo | Hanzo Observability Console |
| app-platform | hanzo | Hanzo PaaS Platform |
| app-zoo | zoo | Zoo Labs Foundation |
| app-lux | lux | Lux Network |
| app-pars | pars | Pars AI Platform |
Authentication Methods
Password Authentication
Standard username/password with argon2id hashing.
OAuth2 Providers
- GitHub
- Microsoft
- Apple
- Discord
- Twitter/X
Web3 Wallets
- MetaMask
- WalletConnect
- Coinbase Wallet
- Rainbow
WebAuthn/Passkeys
FIDO2 passwordless authentication with hardware keys or biometrics.
API Reference
See the IAM API documentation for the complete API reference.
SDK Integration
JavaScript/TypeScript
```javascript
import { HanzoAuth } from '@hanzo/auth'

const auth = new HanzoAuth({
  clientId: 'your-client-id',
  redirectUri: 'https://yourapp.com/callback',
  organization: 'hanzo'
})

// Login
await auth.login()

// Get current user
const user = await auth.getUser()

// Logout
await auth.logout()
```
Python
```python
from hanzoai.auth import HanzoAuth

auth = HanzoAuth(
    client_id="your-client-id",
    client_secret="your-client-secret",
    organization="hanzo"
)

# Get access token (client credentials)
token = auth.get_access_token()

# Verify token
claims = auth.verify_token(token)
```
Next Steps